News and review website CNET has been targeted by a team of Russian hackers called W0rm. CNET’s servers were hit over the weekend, but details have only just been released.
Although CNET has not given a concrete confirmation of exactly what happened, the site explains that a representative of W0rm claims to have stolen a database containing the usernames and passwords of over a million users. It seems a security hole in the Symfony PHP framework was exploited, and it is not yet clear what the fallout could be.
On Twitter, user @rev_priv8, a W0rm representative whose profile description reads “Research & Development”, taunted CNET with a message and picture apparently showing the database source code.
If the conversation is to be believed, the hack appears to have been a bid to highlight security issues rather than to make money. CNET asked whether anyone was interested in buying the database, to which came the broken-English response: “Yes. But I principled that something would not sell it if rasprostronenie [distribute] source code — a step to improve safety. SNET [sic] sale bd for me crime, information about the sale move to the aggravation of the situation around hacking”. There was apparently a threat to sell the database for a single Bitcoin, but this was merely to gain attention.
So is there cause for concern? The problem has now been resolved, and CNET quotes Robert Hansen of WhiteHat Security as saying “CNET readers might not be at risk”. This in itself may not sound particularly reassuring, but he goes on to say “W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred”.