Hackers Take Over Major Science Journalism Site

The "major security breach" resulted in the loss of username and password data for thousands of users.

In a week of hacking headlines, the latest attack has struck EurekAlert!, a press release hub for science journalists run by the American Association for the Advancement of Science (AAAS).

Late Tuesday night, the organization announced that its site had experienced a "major security breach" and would be shut down while AAAS deals with the issue.

AAAS was notified of the attack on Sept. 11, but the actual breach occurred two days earlier, according to Ginger Pinholster, a spokesperson for the organization.

As the group was working to reset all the passwords on its site, the still-unknown hacker decided to publish two of EurekAlert!'s press releases on their private Twitter account (@Eurekek), both of which had been "embargoed," or scheduled for release on a future date.

At that point, Pinholster told BuzzFeed News, AAAS decided to take the whole site down to avoid compromising any further information not meant to be made public.

"What we're doing right now is trying to identify whatever wormhole this hacker has used," Pinholster said. "It's currently an around-the-clock effort."

The hack follows two more serious security breaches in the US this week. On Tuesday, hackers leaked emails from former Secretary of State Colin Powell calling Donald Trump a "national disgrace." Powell also condemned the presidential nominee for embracing the "racist" movement questioning the validity of President Obama’s birth certificate.

Then, on Wednesday, a Russian hacker group called "Fancy Bear" broke into the World Anti-Doping Agency’s database and released the medical records of top US Olympic athletes, including Simone Biles, Elena Delle Donne, and Venus and Serena Williams.

The EurekAlert! hack was first identified by German science journalist Philipp Hummel.

According to Hummel, on Sept. 11 the hacker contacted him through a Twitter direct message offering him full access to the site. (Hummel had been temporarily banned from the site for breaking the rules over when he could report on an upcoming paper.) The hacker, who had accessed all of the embargoed study information as well as user login details, offered him a way back in.

Get ready for some insider infos on the @EurekAlertAAAS hack... #EurekAlert @welt @WELT_Wissen

Hummel notified AAAS about the hacker, who had just released two of the site's upcoming press releases ("Surgeons trial smart glasses for mid-op note taking" and "Associations between television, early childhood and social impairment during adolescence"). The account has since been taken down, and AAAS is currently working with Twitter to try to establish the identity of the hacker.

EurekAlert! has previously drawn criticism for having a stranglehold over what scientific papers make headlines. These critics say the site strongly shapes how scientific results are packaged and, sometimes, exaggerated. As scientists struggle to grab media attention with their papers, the site has become, as Wired said on EurekAlert!'s 20th anniversary in May of last year, the "one clearinghouse to rule them all."

But so far, the hacker's motive is unclear.

"We really can't speculate," Pinholster said. "All I can say is that this individual seemed to just have a sort of stereotypical hacker interest in seeing if he could breach our site."

UPDATE

This post has been updated to reflect that Hummel had been temporarily banned from using EurekAlert! for breaking the rules on when he could report on an upcoming paper.

Azeen Ghorayshi is a science reporter for BuzzFeed News and is based in New York. Her PGP Fingerprint is 9739 9DAE 607E A66A 3683 AC20 E34B D2A0 8899 74C4

Contact Azeen Ghorayshi at Azeen.Ghorayshi@buzzfeed.com.
