A Russian hacker group that has attacked some of the biggest news and business sites in the world claims it penetrated CNET’s website over the weekend and stole a database of registered reader data. A representative from the group calling itself W0rm told CNET News in a Twitter conversation that it stole a database of usernames, emails, and encrypted passwords from CNET’s servers.
W0rm is claiming that the database of stolen information includes data on more than 1 million users. A CBS Interactive spokeswoman said that “a few servers were accessed” by the intruder. “We identified the issue and resolved it a few days ago. We will continue to monitor,” for potential impact, she said.
W0rm said it found its way into CNET’s servers through a security hole in CNET.com’s implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.
The hackers leaked what seems to be genuine source code of the CNET.com website. The leak includes some of the Git version control data which dates the version of the code to last month.