Science Press Site ‘EurekAlert!’ Offline After Being Hacked

Most people have never heard of EurekAlert!, but reporters here at Popular Science and just about every other major science publication use the news release service every day to keep track of scientific news coming out of universities and scientific journals from all over the world. Now, it’s gone.

Here’s how it works in a nutshell. Scientists write a paper that goes through the peer review process, and gets published in a journal. When the paper is published, the journal and the scientist’s university will post a press release to EurekAlert! complete with information about the paper, contact information for the scientists and often photos and videos of the experiments or field sites. Journalists scan through the press releases, see one that catches their eye and write about it. Sometimes this process happens a few days before the paper is published, and all reporters vow on pain of death to not publish their article until a certain time, when the paper itself goes public in a journal. The latter detail is a bit called the embargo system, and is why you’ll suddenly see a flood of breaking news from many different outlets about the same study, usually all published the second an embargo goes up.

As of this morning, the service was taken offline in an effort to stem the damage wrought by a hacker a few days ago, sending reporters everywhere into minor states of panic as papers, press releases and contact information for scientific sources suddenly went from being a click away to being…many more clicks away. Maybe even some phone calls.

It’s ok, we’ll all get through this.

The hacking was first noticed by EurekAlert! on September 11, and investigators with EurekAlert! figured out that there had been a large-scale attack on the site on September 9, which compromised account information (usernames and passwords) for the press officers and journalists registered to the site.

Then things started to get worse.

“The hacker had begun to publicly release embargoed news releases posted to our password-protected website portal, and therefore, we took the step of taking our site offline, to make the rest of our database inaccessible.” Ginger Pinholster, Chief Communications Officer for the American Association for the Advancement of Science (aka, AAAS, which runs EurekAlert!) told Popular Science in an e-mail.

“We do not know the identity of the hacker. If we are able to determine this, we will of course contact law-enforcement authorities immediately. There was a Twitter account (@eurekek) associated with the hacker. We have contacted Twitter, asking them to contact authorities if they can identify this individual.” Pinholster said. “We do not know the hacker’s motivation. He seemed to be motivated by a desire to see whether he could breach our site.”



Screenshots of tweets posted by Twitter account @Eurekek which has since been deactivated. The twitter account is believed to be linked to the hack.

The importance of EurekAlert! to science news organizations was elegantly summed up by Nick Stockton in an article for Wired.

“EurekAlert was never trying to be much more than a convenience. Which turned out to be its greatest gift: Making science easy to access.” Stockton wrote. Every day, EurekAlert connects over 12,000 journalists with thousands of universities and scientific journals from around the world. Without it, reporters can still get information, but not nearly as easily, and not all in one place.

“We have a large IT team working to identify and close the wormhole that allowed a hacker to breach our site. Obviously, we can’t bring the site back online and implement a secure password-reset protocol until the wormhole has been found and sewn up. I’m not able to predict when this will be achieved, except to say that this has been a round-the-clock effort.” Pinholster said.

We’re really looking forward to having it back.