CNET Hacked, One Million Users’ Data Stolen

Technology news website CNET has been hacked by the Russian hacker group ‘w0rm’ in a cyber attack that compromised the usernames, encrypted passwords and email addresses of over a million users.

The hacking group said it gained access to CNET’s servers through a security hole in CNET.com’s implementation of the Symfony PHP framework – a programming tool with which developers can construct complex websites.

A representative from w0rm said the group had no plans to decrypt the passwords or sell the database. In a tweet on Monday, w0rm stated that it would sell the database for 1 bitcoin – around $622 – but the group’s spokesperson said they offered to sell the database to gain attention and ‘nothing more’.

w0rm claims that it wanted to increase awareness of the need to improve the overall security of the web. If that’s true then the group has certainly been successful: its decision to choose CNET as a victim has significantly helped raise the issue of ineffective cyber security.

CNET’s popularity apparently motivated the group to target the site. “[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright,” W0rm said in a Twitter exchange on Monday. “I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws.”

W0rm also claims to have successfully hacked the BBC in late 2013 and to have previously hacked the websites of Adobe Systems and Bank of America.

CNET appears to be playing down this attack but as a CNET user myself I’m far from pleased that a group of cyber criminals has my username, password and email address. Fortunately, I use different usernames and passwords for all my accounts, but I doubt that the other million affected users do.  I hope for CNET’s and its users’ sake that w0rm will stay true to its word and not decrypt or sell the database.

Subscribe to our Data Breaches and Cyber Attacks Newsletter
[email-subscribers namefield=”NO” desc=”” group=”Databreachupdates”]