Hackers Hit EurekAlert, Where All Your Science News Comes From

EurekAlert is where journalists find breaking science news—or, where they used to, before it was hacked and taken offline

Illustration: Diana Quach
Sep 14, 2016 at 2:17 PM ET

The science stories that crowd your newsfeed, influence policies, and lead the front pages of your favorite newspapers often come from a single source: And now it’s been hacked.

EurekAlert, a project of the American Association For The Advancement Of Science, collates press releases from science institutions with relevant links and contact information. For better or worse, it’s the bread and butter of the science journalism industry, providing fodder for news items and connecting scientists with reporters. EurekAlert’s offerings are usually under strict embargo — that is, journalists are granted access to the network on the condition that they agree not to report on the stories until a predetermined deadline. But on September 11, a hacker breached EurekAlert and allegedly leaked embargoed studies through the now-defunct Twitter handle @Eurekek.

“We are very sorry for the inconvenience to our registrants. The team here is working as quickly as possible to get our site back online in a safe fashion,” Ginger Pinholster, communications officer at the AAAS, told Vocativ in an email. “Anything else I might say regarding the technical issues could potentially compromise our security efforts, going forward.”

More Olympic Hackers Likely Behind DNC Breach

Details are still scant, but in the immediate aftermath it appeared that the usernames and passwords of EurekAlert users had been compromised, along with at least some of its embargoed research. It is still unknown whether the passwords were encrypted, hashed, or just in plain text. But the AAAS stressed in their press release last night that, “financial information from subscribing institutions is not stored on the EurekAlert! website and therefore remained secure.”

The fact that the hack did not compromise anything of immediate value has led to speculation surrounding why a hacker would even bother breaching EurekAlert. It is possible that the hacker was interested in exposing embargoed information that could embarrass one of its subscribing institutions or even damage it financially — for instance, releasing the details of a new technological development before an embargo breaks could theoretically impact stock prices — but that seems unlikely, if only because there are so many better ways to expose secret information.

But since EurekAlert is (or was) a bastion of embargoed news, it’s also possible that the hacker was making a stand against the highly controversial practice of placing news under embargo. While embargoes were originally intended to give journalists a fair amount of time to research and cover major news, many believe that the current practice of placing almost all scientific studies under embargo is silly and potentially damaging. Especially when it comes to health and medical news some even argue that embargoes violate journalistic ethics, by withholding potentially important discoveries and information from the public until an institution permits its release.

While it remains unclear whether the hacker’s motives had anything to do with the ongoing debate over embargo ethics, it’s safe to say that not everyone is sorry to see EurekAlert go down.

“Embargoes may seem like a dry and arcane topic, but when it comes to science, they play a central role in what the public finds out about, and when they find out about it,” Ivan Oransky, medical journalist, professor, physician, and creator of the blog EmbargoWatch told Vocativ in an email. “In exchange for time and access, journalists agree to wait to report on studies until journals say they can. What emerges is a very warped sense of how science works.”

“There are certainly people who would like to see embargoes go the way of the dodo.”