Science news website Eurekalert! went offline late Tuesday after being hacked by an unknown person who stole the login information of the site’s registered users. The news service, run by the American Association for the Advancement of Science (AAAS), first learnt about the security breach Sunday.
The site went offline even as “AAAS works diligently to address a serious security breach,” according to a statement posted on it at 10:10 p.m. EDT Tuesday, and called the move “an abundance of caution.” Apart from stealing the usernames and passwords of registered users, the unknown hacker also published an embargoed news release from the website ahead of time.
The news service became aware of the security breach, which investigation showed took place on Sept. 9, “on Sept. 11 [when] a reporter-registrant contacted us to express concerns after he was approached via Twitter by an unknown individual who offered to share EurekAlert! login information.” At that point, the website began “a secure password-reset protocol” for users but went offline when it found out about the embargoed news being publicly released.
Ginger Pinholster, chief communications officer at AAAS, clarified in the statement that the financial information of registrants was not compromised, since that data is not stored on the Eurekalert! website.
“We deeply regret the inconvenience that this security breach and the related site outage may cause reporters and public information officers. We will bring the site back online as soon as we can ensure that vulnerabilities have been eliminated,” Pinholster said.