1 million users affected by CNET.com hack

cnet_hack

News and review website CNET has been targeted by a team of Russian hackers called W0rm. CNET's servers were hit over the weekend, but details have only just been released.

Although CNET has not given a concrete confirmation of exactly what happened, the site explains that a representative of W0rm claims to have stolen a database containing the usernames and passwords of over a million users. It seems a security hole in the Symfony PHP framework was exploited, and it is not yet clear what the fallout could be.

Advertisement

On Twitter, user @rev_priv8, a W0rm representative whose profile description reads "Research & Development", taunted CNET with a message and picture apparently showing the database source code:

A Direct Message conversation followed an invitation to get in touch:

If the conversation is to be believed, the hack appears to have been a bid to highlight security issues rather than to make money. CNET asked whether anyone was interested in buying the database. To which came the broken-English response: "Yes. But I principled that something would not sell it if rasprostronenie [distribute] source code -- a step to improve safety. SNET [sic] sale bd for me crime, information about the sale move to the aggravation of the situation around hacking". There was apparently a threat to sell the database for a single Bitcoin, but this was merely to gain attention.

So is there cause for concern? The problem has now been resolved, and CNET quotes Robert Hansen of White Hat Security as saying "CNET readers might not be at risk". This in itself may not sound particularly reassuring, but he goes on to say "W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred".

3 Responses to 1 million users affected by CNET.com hack

  1. Stephen Green says:

    The bad guys will always find a way don't they.? The world of computers and computing
    are infested with greed!!!

    • Mark Wilson says:

      It sounds like this *might* not have been bad guys or greed-inspired... just done to highlight security issues apparently. Time will tell!

  2. JupitersArrow says:

    Hackers can get very personal information that they need by hacking.
    Sometimes, they can even find out the password using special hack tools. It's
    worth mentioning that hack can be very useful in certain condition. A child of
    my neighborhood behaved erratically some time ago, her parents used Micro
    keylogger to get her FB password to find that someone was trying to tempt her
    into taking drugs. That is terrible.
    http://download.cnet.com/Micro-Keylogger/3000-2162_4-75375292.html

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.