A representative from the team going with the handle @rev_priv8 posted an Image on the twitter Containing a shell on the CNET’s server, which can allow them remote access on the website.
In a conversation with The CNET on twitter the hacker said that they stole a database of usernames, emails, and encrypted passwords from CNET’s servers which includes data on more than 1 million users.
|(Screenshot posted by the W0rm on their twitter account over the CNET hack )
W0rm said they hacked into CNET’s servers through a security hole in CNET.com’s implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.
A spokeswoman from CBS Interactive, the site’s owner, confirmed the breach and said “a few servers were accessed” by the intruder. “We identified the issue and resolved it a few days ago. We will continue to monitor,” for potential impact.
The hacker group tweeted that they will sell the database for 1 bitcoin about $622. But later on the group’s spokesperson said they offered to sell the database to gain attention — “nothing more.” they will not sell the database or decrypt the passwords, he said.
W0rm claims that its goal is to raise cyber security awareness they hacked the CNET servers to improve the overall security not to harm the website. the group also claims to have hacked the BBC last year, as well as earlier hacks of Adobe Systems and Bank of America websites.