Hackers Offer Stolen CNET Database for Bitcoin in Publicity Stunt

Russian hacking group wOrm, which managed to steal CNET’s user database, offered to sell the information for 1 BTC.

AccessTimeIconJul 16, 2014 at 1:20 p.m. UTC
Updated Sep 11, 2021 at 10:59 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

A group of Russian hackers that managed to steal CNET’s user database has made that information available for bitcoin, in what seems like a publicity stunt.

The group, which calls itself 'wOrm', says the database contains the accounts of more than a million users, including their usernames, emails, passwords and other information.

The asking price for the source code and the database was 1 BTC, roughly $615 at the time of writing. However, CNET was later told that the group has no plans to decrypt the passwords or to complete the sale of the database.

The offer, which was apparently made to gain attention for the group's "altruistic" work, was quickly rescinded. WOrm has previously carried out similar attacks on websites belonging to the BBC, Adobe Systems and Bank of America.

CNET admits breach

CNET confirmed the attack and admitted that several servers were accessed and compromised. The security flaw that allowed the breach has since been patched, but the hackers managed to steal a significant amount of data before the attack was detected and addressed.

The hackers say they exploited a hole in CNET’s implementation of the Symfony PHP framework. Although the group initially offered to sell the database, it insists its main motivation is security awareness.

"We are driven to make the Internet a better and safer [place] rather than a desire to protect copyright. I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws," a wOrm member told CNET via twitter.

No cause for alarm?

CNET has not advised its users to change their passwords yet, as the compromised passwords were encrypted and wOrm has stated it will not try to decrypt them.

Web security expert Robert Hansen agrees CNET readers are not at risk. He points out that the hackers were careful not to reveal the “full path to the actual exploit” and that it informed the public of the attack.

"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," Hansen said.

Hacker image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.