For many science journalists, a week is not complete without one or more trips to the Eurekalert website. Compiled by the American Association for the Advancement of Science, Eurekalert is the one-stop shopping platform for press releases on the latest scientific findings, collecting materials from scientific journals, research institutions and more.
If you’re an established science journalist, you can also sign up to access news before it’s news. Log in with the correct credentials and you can see press releases and, in many cases, full research papers up to a week before they are released to the public. You only need to agree never to publish anything about the work until a certain date and time – the information is under embargo until then.
Late Tuesday night, however, access to the site disappeared, replaced by a message that the site had been hacked and that the hackers had begun leaking embargoed press releases. Only two releases came out before access was revoked, and if that’s anything to go by, the hackers have absolutely no idea what advanced science makes.
Currently, a visit to the Eurekalert home page notifies you with the following information:
We take this step out of an abundance of caution. The integrity of the content on our website is of utmost importance to us. On September 11, we were made aware of a possible breach of our system. An investigation revealed that on September 9, our website suffered an aggressive attack that compromised usernames and passwords. While we were working to implement a secure password reset protocol for all registrants, the unknown hacker has publicly issued a EurekAlert! press release. We then decided to take the site down immediately, to protect other embargoed content.
The universities and journals posting to the site pay for the privilege, but that payment information was not on the compromised server. However, journalists who have registered on the site should be aware that their credentials have been compromised; they can now desperately try to find out what other sites they used that 15-year-old password for. An equally big concern is how to access the articles Sciencescheduled to come out of the embargo tomorrow at 2:00 p.m. Eastern Time.
As for what motivated the hackers themselves, it was possible that they objected to the embargo process or were interested in releasing scientific information, much like the woman behind SciHub. If they were, they would no doubt have chosen to make high-profile science part of their leak. However, when we reached out to the people behind Eurekalert to find out, it became clear that the hackers had no idea what they were doing when it came to scientific news.
One of the leaked releases was about a study that linked excessive TV consumption in children with various social problems. It seems like solid research, but it was published in a relatively obscure journal and it probably didn’t make a big impression, given that it’s in a pretty well-studied area. The second was about the adoption of technology like Google Glass by surgeons – again, territory that’s pretty well covered.
The leaked press releases weren’t even released well before the embargo time, as Eurekalert’s Brian Lin told Ars they would have been made public by now anyway. And none of the vast number of research papers was made public.
So unless something changes, this hack appears to have released no critical scientific or financial information, and the hackers appear to have no ideological agenda. The hackers either attacked Eurekalert because it was there, or to get their hands on the username/password combinations in the hope that they would also be used somewhere with more valuable information.