Of all the sites you'd expect to get hit by a security exploit, a website dedicated to computers and technology is not one of them. But CNET learned the hard way on Monday that editorial focus is no substitute for proper security.
According to CNET itself:
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/ , a database of usernames, emails, and passwords belonging to over 1 million users was lifted in an apparent exploit by a Russian hacker group known as 'w0rm'. CNET has acknowledged culpability for the attack, saying that the database was lifted when the hacker penetrated a hole in the Symfony PHP Framework, which was wrongly implemented by CNET. But despite w0rm's wrongdoing, the group's goals are only somewhat malicious: CNET says that w0rm hacked its site "to improve the overall security of the Web" -- an oft-used catchphrase by grey hat hackers far and wide -- and that users would likely not be at risk.
Despite its claims of decency, w0rm still plans to sell the database for a king's ransom -- one Bitcoin. That's around $600 in regular currency, which is a bit low considering the number of people affected, but just enough for an aspiring hacker to pay without his mother noticing the charges on her credit card.
(NW)