Technology news, download and reviews website CNET has been hacked by a Russian hacker group called as “W0rm” leading to compromising of usernames, encrypted passwords and email addresses of more than a million users.
CNET said that a representative from the group calling itself W0rm, mentioned in a Twitter conversation, about stealing a database of usernames, emails, and encrypted passwords from the CNET’s servers. The database affects more than 1 million registered users.
The attacking group claimed that it found access through CNET’s website through a security hole in CNET.com’s implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.
Money – Not the reason behind hacking
As per CNET, W0rm tweeted Monday that it would sell the stolen database for 1 Bitcoin, around $622. However, one spokesperson from the attackers group later clarified that they offered to sell the database to gain attention — “nothing more.”
The motive of the attack, though, was not to make money, instead the attackers claimed that they hacked CNET servers to improve the overall security of the Web.
“[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright,” W0rm said in a Twitter exchange on Monday. “I want to note that the experts responsible for bezopastnost [security] in CNET very good work but not without flaws.”
W0rm claims to have successfully hacked the BBC in late 2013, as well as earlier hacks of Adobe Systems and Bank of America websites. Now by hacking a high profile site like CNET they could raise awareness about security flaws in websites in the web world.
The issue, has been resolved, says CNET. A CBS Interactive spokeswoman said that “a few servers were accessed” by the intruder. “We identified the issue and resolved it a few days ago. We will continue to monitor,” for potential impact, she said.
If you are a registered user with CNET, it might be a good idea to change your passwords.
Find out: Have I been Hacked?