The Technology News Website CNET Has Been Hacked
CNET has acknowledged that hackers broke into some of their web servers several days ago and accessed a database of website users. A Russian hacking group that goes by the name w0rm has publically taken credit for the stolen database, which they claim to be of more than one million users world wide. The data base includes usernames, emails and encrypted passwords.
w0rm claims to have gained access by exploiting a security flaw in the Symfony PHP framework, which is software used to integrate different parts of the CNET website. Like so many others w0rm has a Twitter account, see below for a screenshot.
CNET has posted an article online regarding the security breach.
On Monday July 15th, 2014 w0rm offered the database up for sale via Twitter for a very small price of 1 Bitcoin. In comparison those perpetrating CryptoLocker were ransoming their encryption key for 10 Bitcoins.
w0rm has stated in fairly broken English, “we are driven to make the Internet a better and safer rather than a desire to protect copyright.” w0rm went on to say “I principled that something would not sell it if rasprostronenie (Russion for distribute) source code”.
Are they principled and simply out to find and make others aware of security flaws? The fact that w0rm redacted portions of their screenshots which will help prevent copycat hackers says they may be legitimately trying to be helpful. Or it could also be an effort to protect what they consider their proprietary information on how they went about hacking into the CNET site.
Whatever the intended goal w0rm did offer the database up for sale, so if you’re a registered user of the CNET website it’s time to change your password and if you use that same password on other sites, say with your bank, it’s a good time to change that too.
[whohit]CNETHacked[/whohit]