Cyber Incident Victim: EurekAlert!
Date:
Sep 2016
Location:
United States of America
Summary
A popular science website handling embargoed research reports suffered a security breach compromising user credentials, with the attacker leaking two embargoed news releases. The service, operated by the American Association for the Advancement of Science, took its platform offline to prevent further exposure of sensitive content after discovering unauthorized access. While financial data remained unaffected, the incident disrupted operations for journalists and public information officers relying on the platform for pre-publication research materials. The organization initiated password resets and security enhancements before restoring services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 6, 2016, EurekAlert!—a science news service operated by the American Association for the Advancement of Science (AAAS)—publicly disclosed a security breach compromising user credentials and embargoed research content. The organization first learned of unauthorized access on Sunday, September 4, following a hacking incident that occurred on Friday, September 2. Investigators confirmed that usernames and passwords for the platform were stolen, though the data storage method (plaintext or hashed) remained unspecified. During their investigation, administrators worked to implement a secure password-reset protocol for all registrants. Before this process could be completed, the attacker publicly leaked two embargoed news releases via Pastebin—one from the University of Sussex and another from the University of Montreal—circumventing standard embargo protocols. EurekAlert! spokesperson Ginger Pinholster confirmed the leaked documents' authenticity and noted Twitter had been contacted regarding posts sharing the compromised materials.
In response to the breach, EurekAlert! took its entire website offline on September 6 to prevent further exposure of embargoed content, causing significant disruption to journalists and public information officers who relied on the service. The organization emphasized no financial data from subscribing institutions was compromised during the incident. Service restoration was delayed pending comprehensive vulnerability remediation, with administrators prioritizing system integrity over operational continuity. The takedown occurred after the initial breach disclosure but before mandatory password resets could be enforced across all accounts. Embargoed research distribution—a core function of the platform—was directly undermined by the attacker’s selective publication of unreleased studies, damaging the controlled dissemination process critical to scientific journalism. EurekAlert! acknowledged the operational impact on users while maintaining that content protection justified the extended outage.