Popular EurekAlert!, a Science press site, is currently offline due to an attack made by an unknown hacker last Sept. 9.
As of press time, AAS (the company that runs EurekAlert) is "working diligently" to address the recent security breach, especially after the hacker released an embargoed news release publicly, according to a statement released by the website.
The website is the go-to science portal of many journalists because this is where they can find recent scientific studies, journals and press releases. EurekAlert! uses an embargo system, where experts can share their academic writings and findings to the site. However, the releasing of these journals are usually withheld until it is such time to release it publicly.
According to Ginger Pinholster, Chief Communications Officer for the American Association for the Advancement of Science (AAS), they were alerted of a potential breach in their system last Sept. 11. In a report posted in IBT, the alert came from a reporter-registrant. An unidentified person reached out to the informant through Twitter and offered to share EurekAlert's login information.
This prompted an investigation concerning the breach, and it turns out that it all started on Sept. 9, when there was an "aggressive attack" on their system. The move made all usernames and passwords of the registrants, which mostly are journalists and press officers, to be compromised and in danger from stealing information. As the company worked on to fix the breach, the hacker released an embargoed EurekAlert! news release to the public. The company then decided to bring the site down immediately. Pinholster told Popular Science that by bringing down the site, it will make other data inaccessible.
As of the moment, the team behind EurekAlert! doesn't have any idea who could be the possible hacker. However, they were informed about a Twitter account that is possibly related to the hacker.
"There was a Twitter account (@eurekek) associated with the hacker. We have contacted Twitter, asking them to contact authorities if they can identify this individual." Pinholster said. "We do not know the hacker's motivation. He seemed to be motivated by a desire to see whether he could breach our site."
Pinholster also assured everyone that their IT team is doing their best to recognize and close the wormhole that permitted the hacker to breach the site. He also said that "this has been a round-to-clock effotrt," and that he can't predict yet until when they can fix this .
Fortunately, financial information of the registrants are not compromised as these data are not posted in the website.