As noted in the ACL’s Nov 29 announcement, OpenReview was notified on Nov 27 of a software bug that allowed unauthorized access to authors, reviewers, and area chairs. The ACL announcement details how any use of the leaked information may result in severe consequences. Thankfully, the OpenReview team was able to fix the issue quickly.
After analyzing the server logs, OpenReview leadership met with ARR and informed us that the impact on ARR was very minor in comparison to other conferences hosted by OpenReview (especially ICLR). Since nearly all reviews had been finalized when the incident happened, only a small number of very late third reviews could have possibly been unduly influenced. However, there were nine papers where the area chair or senior area chair’s identity had been compromised. Consequently, we decided to replace the ACs and/or SACs of these papers to ensure that they received objective meta-reviews and to reduce the risk of retaliation against the AC or SAC for a negative meta-review. Please note though that we have no evidence that the unauthorized queries were issued by the authors, so the action we took was out of precaution.
For the next few cycles, ARR will additionally ensure that resubmissions receive new reviewers if the identities of the earlier submission’s reviewers were leaked.
The ARR October 2025 Editors-in-Chief and EACL 2026 Program Chairs