Major science website gets hacked

EurekAlert! / AAAS

 

September 13, 2016 – 10:10 p.m. EDT

Dear EurekAlert! Registrants:

The EurekAlert! website has been taken offline as AAAS works diligently to address a serious security breach.

We are taking this step out of an abundance of caution. The integrity of content on our website is of the utmost concern to us. On September 11, we were notified of a potential breach to our system. An investigation revealed that our website had experienced an aggressive attack on September 9 that compromised usernames and passwords. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release. We then decided to bring the site down immediately, to protect other embargoed content.

Please be assured that financial information from subscribing institutions is not stored on the EurekAlert! website and therefore remained secure. Registrants’ usernames and passwords were compromised, however.

We deeply regret the inconvenience that this security breach and the related site outage may cause reporters and public information officers. We will bring the site back online as soon as we can ensure that vulnerabilities have been eliminated. Please email the EurekAlert! team at webmaster@eurekalert.org, or contact me directly with any questions or concerns.

Ginger Pinholster
Chief Communications Officer and Director, Office of Public Programs
American Association for the Advancement of Science


22 thoughts on “Major science website gets hacked”

  1. Just another random ‘let’s get a hundred thousand email addresses for Baby Boobs to send porn to’ drive by then…

  2. If you really think about it, they’ve been “hacked” for years! Not by any nefarious outside group, but by a slew of AGW proponents continually inserting one alarmist paper after another.

    A perfect “hack” job by any definition!!!

    • Yeah, a trojan attack. The gullible insiders helped to haul the fabricated siege tower into their walled city.
      Somehow, imagining that it was useful for their own purposes. Later their modern equivalents will struggle to explain away their own incompetence. In ancient times the pathetic excuse became, “but, we thought it was a wooden horse”. The feeble excuse for the failure of 21st century climate predictions, will be along the lines of, “we thought dendroclimatology was a genuine science”. Something along those lines, no doubt. And various other feeble attempts to shift the entire blame onto some minor disposable portion of the now vast enterprise. But, then again, by 2100, the silly climate predictions of 2016 will seem no more relevant than the stories of Jules Verne do to the people of today.

    • McNutt was the climate gestapo mole. She’s now President of the NAS, a one-yr term. She is probably on HRC’s shortlist to be WH Science Advisor and Climate Witch Doctor. Her mentor and puppetmaster is the current WH pseudoscience advisor, John Holdren.

  3. There’s that “abundance of caution” phrase again.

    It’s sort of like, “powering through”, which is no doubt political phraseologist-approved, focus-group studied newspeak for “we f*cked up and here’s our PR firm to gloss over our incompetence”.

  4. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release

    Yeah, right. The moment you know you’ve been hacked, you pull the plug on the internet connection. That’s basic computer security. If you know what machine was hacked, you kick it off the network and do a last-known-good restore on new hard drives. Again, basic security.

    You don’t leave the compromised machine open on the internet whilst you twiddle your thumbs and figure out your next step. That’s just stupid.

    Assuming that these are remotely managed virtual machines: you do exactly the same from the control panel.

    There is simply no excuse for being hacked a second time when you know you’ve got a problem!

    • Wow, the vicious criminals! They “stole” embargoed material so you pals didn’t have exclusive advance time to write the PR propaganda before anyone else gets a look in.

      Now that is really serious stuff.

      “… an aggressive attack on September 9 that compromised usernames and passwords.”

      WTF you are keeping unencrypted passwords on an outward facing part of your network?

      Friggin amateurs.

  5. Anyone know what the embargoed content was? I don’t recall seeing any news “scoops” on the issues of interest to them.

  6. Considering the green takeover of the content of allegedly “public” sites like Wikipedia, I wonder if there is any ideological intent in this hacking incident.

  7. Unfortunately, nobody is safe anymore.
    If you aren’t designing in security from the get go, you are going to get hit.
    If your first thought in the morning and last thought before bed isn’t how can I make my site more secure, you are going to get hit.
