CNET website and 1 million passwords compromised by Russian hacker group

Filed Under: Data loss, Featured, Security threats

CNET, the popular tech news and reviews website, was compromised over the weekend by Russian hackers called "W0rm," CNET's parent company, CBS Interactive, confirmed yesterday.

Someone using the Twitter handle @rev_priv8 tweeted a screenshot on 12 July which appeared to show contents of the CNET database:


They then followed up with a tweet on 14 July:


#cnet i have good protection system for u ping me

A CBS Interactive spokeswoman confirmed that "a few servers were accessed" by the intruder.

CNET said the hacker or hackers stole 1 million emails, usernames and encrypted passwords.

The hackers gained access to the user database via a security hole in CNET's implementation of the Symfony PHP framework - the "skeleton" on top of which CNET's website is built.

The spokesperson continued:

We identified the issue and resolved it a few days ago. We will continue to monitor [the situation].

cnet-hackedCNET reports that W0rm tweeted on Monday that it will sell the database for 1 bitcoin - around $622 - but that a W0rm representative told them through a Twitter conversation that the group offered to sell the database to gain attention and "nothing more”, and had no plans to decrypt the passwords or to complete the sale of the database. 

But do we really want to trust hackers who take illegal steps to raise security awareness?

CNET's article says "readers might not be at risk."

Good to know, CNET - but it's worth being extra cautious in a situation like this.

It should go without saying that registered users of CNET's website should change their CNET passwords and those on any other sites for which they use the same password (but no-one still does that, do they?).

And, if you're an IT pro, make sure to follow our tips for securing passwords.

Image of "hacked" note courtesy of Shutterstock.

, , , ,

You might like

6 Responses to CNET website and 1 million passwords compromised by Russian hacker group

  1. Eliot · 408 days ago

    EPIC FAIL. I hope Sophos gets hacked next for the drama

  2. Anonymous · 408 days ago

    No wonder: safe_mode and open_basedir disabled, all PHP functions enabled, old version of MySQL and nginx; and even buggy PHP CMS/framework. They've got what they deserve ;-)

    • Steve · 407 days ago

      No, unfortunately, the users got what the IT staff deserved. :-(

  3. Tom Fiorillo · 408 days ago

    I stopped using CNET when they included all the adware with downloads. They managed to turn a useful site into just another annoying site.

  4. LonerVamp · 407 days ago

    So, would this hole have been fixed without this breach? That's always the fun question.

    It's possible in this case, that hackers employing illegal tactics actually made a system more secure (raised security awareness) as a result. (Of course, this is usually the case, despite intentions, but...)

  5. Stace · 405 days ago

    What is you don't recall if you signed up? I've used cnet off and on for a decade but I know I haven't logged into it for years and have no idea if I ever signed up. I don't sign up for every site I visit so I honestly have no idea if I'm signed up for it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.