CNET, the popular tech news and reviews website, was compromised over the weekend by Russian hackers called “W0rm,” CNET’s parent company, CBS Interactive, confirmed yesterday.
Someone using the Twitter handle @rev_priv8 tweeted a screenshot on 12 July which appeared to show contents of the CNET database:
They then followed up with a tweet on 14 July:
A CBS Interactive spokeswoman confirmed that “a few servers were accessed” by the intruder.CNET said the hacker or hackers stole 1 million emails, usernames and encrypted passwords.
The hackers gained access to the user database via a security hole in CNET’s implementation of the Symfony PHP framework – the “skeleton” on top of which CNET’s website is built.
The spokesperson continued:
We identified the issue and resolved it a few days ago.We will continue to monitor [the situation].CNET reports that W0rm tweeted on Monday that it will sell the database for 1 bitcoin – around $622 – but that a W0rm representative told them through a Twitter conversation that the group offered to sell the database to gain attention and “nothing more”, and had no plans to decrypt the passwords or to complete the sale of the database.
But do we really want to trust hackers who take illegal steps to raise security awareness?
CNET’s article says “readers might not be at risk.”
Good to know, CNET – but it’s worth being extra cautious in a situation like this.
It should go without saying that registered users of CNET’s website should change their CNET passwords and those on any other sites for which they use the same password (but no-one still does that, do they?).