Tech news site CNET has fallen prey to a Russian hacking group who have stolen usernames, encrypted passwords and emails of over a million users. CNET says that the attack happened over the weekend when the hackers were able to gain access to its servers and user information.
A rep from the hacking group called “W0rm” contacted CNET over Twitter to claim responsibility. CNET is owned by CBS interactive and a spokesperson for the site said that “a few servers were accessed” in the attack. She added that W0rm claims that the group has no intention to decrypt any of the passwords but will sell the information for one bitcoin.
W0rm went onto explain, via Twitter, that he and his colleagues’ hacking work was done for attention and to highlight security flaws. “[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright,” he/she said in a number of statements that displayed some broken English.
“I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws.”
W0rm is believed to be behind a number of other high profile site hacks in the past for similar security activist-like reasons, including the BBC, Adobe, and Bank of America.
CNET has tried to assure users that they are not at risk from this attack, quoting Robert Hansen of White Hat Security:
“It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it’s actually a good thing,” Hansen said. “W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred.”