Coindesk Logo
MarketsMarketsMarkets
Election 2024
Election 2024
Election 2024

Hackers Offer Stolen CNET Database for Bitcoin in Publicity Stunt

Hackers Offer Stolen CNET Database for Bitcoin in Publicity Stunt

Hackers Offer Stolen CNET Database for Bitcoin in Publicity Stunt

Russian hacking group wOrm, which managed to steal CNET’s user database, offered to sell the information for 1 BTC.

Russian hacking group wOrm, which managed to steal CNET’s user database, offered to sell the information for 1 BTC.

Russian hacking group wOrm, which managed to steal CNET’s user database, offered to sell the information for 1 BTC.

By Nermin Hajdarbegovic
AccessTimeIconJul 16, 2014, 1:20 PM
Updated Aug 16, 2021, 1:10 PM
Presented By Icon

Election 2024 coverage presented by

Stand with crypto

A group of Russian hackers that managed to steal CNET’s user database has made that information available for bitcoin, in what seems like a publicity stunt.

The group, which calls itself 'wOrm', says the database contains the accounts of more than a million users, including their usernames, emails, passwords and other information.

The asking price for the source code and the database was 1 BTC, roughly $615 at the time of writing. However, CNET was later told that the group has no plans to decrypt the passwords or to complete the sale of the database.

The offer, which was apparently made to gain attention for the group's "altruistic" work, was quickly rescinded. WOrm has previously carried out similar attacks on websites belonging to the BBC, Adobe Systems and Bank of America.

CNET admits breach

CNET confirmed the attack and admitted that several servers were accessed and compromised. The security flaw that allowed the breach has since been patched, but the hackers managed to steal a significant amount of data before the attack was detected and addressed.

The hackers say they exploited a hole in CNET’s implementation of the Symfony PHP framework. Although the group initially offered to sell the database, it insists its main motivation is security awareness.

"We are driven to make the Internet a better and safer [place] rather than a desire to protect copyright. I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws," a wOrm member told CNET via twitter.

No cause for alarm?

CNET has not advised its users to change their passwords yet, as the compromised passwords were encrypted and wOrm has stated it will not try to decrypt them.

Web security expert Robert Hansen agrees CNET readers are not at risk. He points out that the hackers were careful not to reveal the “full path to the actual exploit” and that it informed the public of the attack.

"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," Hansen said.

Hacker image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about
hackingCrimeTechnologyNewsTechnology News