CNet (owned by CBS) is usually the first to break news about website hack-attacks so it must have felt weird when it became the victim of one.
A Russian Hacking group posted a tweet on 12 July making it clear that it had hacked into CNet’s servers and stolen user data.
https//w0rm.in/cnet.com.tar.gz cnet hacked, here is src of www. pic.twitter.com/ggkaNF3VfE
— w0rm (@rev_priv8) July 12, 2014
A representative of the group by the Twitter name of ‘W0rm’ claims that it launched this attack in order to highlight security weaknesses in the CNet security infrastructure.
In order to make its point, W0rm claims that the Russian hacker group stole the user information of 1 million CNet users from its servers.
The Russian hacker group has attacked BBC, Adobe and Bank of America websites in the past, causing the targets significant damage.
How the Hackers Got In
CNet is built on the Symfony framework, which is a software that allows developers to put together and run massive websites like CNet.
The hacking group claims to have exploited a weakness in the Symfony framework to hack into CNet’s servers.
CNet is a heavily socially integrated website that allows users to log in using their social media user profiles. CNet continues to console its users that their data is safe but no real evidence has surfaced to support or invalidate the statement.
The Danger Behind Closed Doors
CNet did not issue an official to its users release on the matter and instead chose to publish a regular news piece on the subject that seemed as if it was attempting to down-play the incident.
Whether or not the incident was a legitimate hack-attack by a good Samaritan group of hackers or if the user database will be sold in the black-market remains to be seen.
The internet black-market is a dangerous place where virtual identities and user account credentials are bought and sold after they have been hacked. News about black-market’s transactions rarely surfaces and only comes out when the stolen user-data has already been exploited to carry out hack attacks.
Recommendations for CNet Users
If you have ever registered yourself on CNet or linked a Facebook, Twitter or LinkedIn account to CNet then now is the time to change all your passwords immediately.
Keep following the news about the hack-attack for any new developments. CNet is being cautious about the issue so you will have to keep checking twitter and other websites.
Use a VPN to encrypt all your data so that any hackers targeting you are unable to gather the last bit of data necessary to steal your identity and destroy your life