Popular technology news and review website CNET faced the threat of having a million users' data exposed this week, with an unknown attacker posting screenshots of data from a CNET server, and demanding a surprisingly small ransom - one Bitcoin.
A Twitter user naming himself “worm” contacted the site, according to CNET’s Seth Rosenblatt, and said that his group, identified by CNET as Russian hackers, had access to a database of registered user data.
Direct messages sent to CNET claimed that the database leak included email addresses, names and encrypted passwords. An image posted to the site, and shown by Forbes, indicated that the persons responsible could access files on the server.
Database leak - 'users safe for now'
“Worm” avoided giving details of the exploit in his communication with the site - which Beta News suggests should be reassuring to CNET users. Neither the database details nor the means of getting to them have been leaked thus far.
Beta News quotes Worm’s response as “But I principled that something would not sell it if rasprostronenie [distribute] source code -- a step to improve safety. SNET [sic] sale bd for me crime, information about the sale move to the aggravation of the situation around hacking".
Security news reports on the incident have offered several explanations for how Worm could have accessed the data. The Twitter messages suggested that the same group had been behind attacks on high-profile targets such as Bank of America, Adobe and the BBC, according to the BBC’s report.
Group 'behind high-profile attacks'
The person or group claimed that the demand for one Bitcoin (valued at $622, via xe.com) was merely designed to increase security news publicity for the database leak. The BBC reports that the group said, via direct message, "[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright.”
Forbes reports that Jenn Boscacci, senior manager of corporate communications at CNET, said, ““Here’s the situation, a few servers were accessed. We identified the issue and resolved it yesterday. We will continue to monitor.”