CNET attacked by Russian hacker group

A Russian hacker collective says it broke into CNET servers over the weekend and stole a database of usernames and passwords.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
2 min read

A representative from W0rm said that the group would not "rasprostronenie," Russian for "distribute," CNET source code. Screenshot by Seth Rosenblatt/CNET

A Russian hacker group that has attacked some of the biggest news and business sites in the world claims it penetrated CNET's website over the weekend and stole a database of registered reader data.

A representative from the group calling itself W0rm told CNET News in a Twitter conversation that it stole a database of usernames, emails, and encrypted passwords from CNET's servers.

W0rm is claiming that the database of stolen information includes data on more than 1 million users.

A CBS Interactive spokeswoman said that "a few servers were accessed" by the intruder. "We identified the issue and resolved it a few days ago. We will continue to monitor," for potential impact, she said.

W0rm said it found its way into CNET's servers through a security hole in CNET.com's implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.

Properties owned by CBS Interactive, which includes CNET, were the ninth-most visited sites in the US during May. According to ComScore, CNET had 27.1 million U.S. unique visitors on desktop and mobile in June 2014.

The W0rm representative, a non-native English speaker, said the group had no plans to decrypt the passwords or to complete the sale of the database. W0rm tweeted Monday that it will sell the database for 1 bitcoin -- around $622. But the group's spokesperson said they offered to sell the database to gain attention -- "nothing more."

Hacker collective W0rm's screenshot, posted to their Twitter account, of the CNET hack. W0rm

W0rm claims that its goals are altruistic, and that it hacked CNET servers to improve the overall security of the Web. By targeting high-profile sites, the group says it can raise awareness about security flaws. W0rm claims to have successfully hacked the BBC in late 2013, as well as earlier hacks of Adobe Systems and Bank of America websites.

CNET's popularity is what motivated the group to target the site. "[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright," W0rm said in a Twitter exchange on Monday. "I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws."

Robert Hansen, a Web security expert at White Hat Security, said CNET readers might not be at risk.

"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," Hansen said. "W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred."

Update at 11:30 a.m. PT, July 15, to clarify that the number of people listed in the database comes from the hacker group.