AAAS Press Release Repository Hacked

EurekAlert is offline after a journalist alerts the American Association for the Advancement of Science to a security breach.

Sep 14, 2016
Tracy Vence

EurekAlert, a press release distribution service from the American Association for the Advancement of Science (AAAS), has been hacked and as a result is temporarily offline. In emails sent to registered users throughout the day, AAAS confirmed that “registrants’ usernames and passwords were compromised” during a security breach the organization believes occurred on September 9.

“We do not know the identity of the hacker,” AAAS spokesperson Ginger Pinholster told The Scientist in an email. The individual, she continued, was associated with a now-inactive Twitter account, @Eurekek. “We did notify Twitter, requesting that they notify authorities if they could uncover the person’s identity,” Pinholster wrote.

Pinholster confirmed to The Scientist that AAAS learned of the hack from journalist Philipp Hummel. The suspected hacker first contacted Hummel in a Twitter direct message on September 11. In July, Hummel inadvertently broke an embargo involving a EurekAlert-hosted press release. As a result, AAAS informed Hummel that his activity on the site would be monitored for a probationary period set to end next month, he said. In a post at the Berlin-based publication Die Welt, where he is an editor, Hummel wrote that the suspected hacker reached out to offer him access to embargoed materials through EurekAlert using another user’s login credentials. When the supplied username and password worked, Hummel said, he contacted Brian Lin, codirector at EurekAlert.

According to AAAS, it was while the organization was “working to implement a secure password-reset protocol for all registrants” that two embargoed press releases were leaked. As a precaution, EurekAlert was taken offline.

“We will bring the site back online as soon as we can ensure that vulnerabilities have been eliminated,” AAAS said in a statement.

Closing his post at Die Welt, Hummel noted that the hack offered publishers, public information officers, and journalists a chance to reflect on the place of embargoes in science communication. “It was not easy to contact EurekAlert and betray someone who really wanted to help me. I have done it anyway. . . . What I of this article promise: a debate about the purpose of blocking periods in the science and the publishing system behind it. This report could be a start.” (via Google Translate)

See “Q&A: Why I Warned AAAS About the Hack”