Hackers have targeted the journal, EurekAlert, with what has been described as an “aggressive attack”, believed to have started on 9 September, targeting the usernames and passwords of registered users.
As a result of the hack, the EurekAlert website was pulled offline on 11 September. The website’s offline notice originally said the site was expected to be up “by the weekend.”
However, this page was updated yesterday (18 September) with the news that EurekAlert is “…optimistic that we can bring all public pages back online tomorrow.”
During the course of the attack, two embargoed press releases were made public before they should have been.
According to EurekAlert’s original notice, posted on September 15, anyone who had registered on the site previously will need to create a new password that “meets modern standards for password complexity” when the site relaunches.
It’s not clear why EurekAlert was targeted. Perhaps hackers were trying to cause the early release of research news, possibly as a protest against embargoing scientific news and breakthrough.
Hackers claiming responsibility for the attack had publicized the embargoed studies via a Twitter account they created specifically for this attack, though that account was quickly pulled offline by Twitter staff.
Alternately, perhaps the hackers weren’t targeting the embargoes but happened across them while trying to find an easy target for usernames and passwords to mine.
I am registered on EurekAlert. What should I do?
If you were a registered user of EurekAlert and used your password for that site anywhere else, make sure to change your password immediately on all other sites – and make sure your new passwords are unique for each online account you have.
Once EurekAlert comes back online, you’ll need to change your password there as well.
(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)