updated 10:47 am EDT, Tue July 15, 2014
W0rm interested in publicizing security holes, not motivated by profit
Purported white-hat Russian hacker group w0rm has attacked tech news website CNet. The group claims that it has usernames, email addresses, and encrypted passwords for one million users of its information services. A tweet on Monday by the group confirmed the attack, but even after a sale offer for a single Bitcoin was made, the group claims to be interested in drawing attention to security and "nothing more."
"[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright," a representative from W0rm said in a Twitter exchange on Monday. "I want to note that the experts responsible for bezopastnost [security] in CNet do very good work, but not without flaws."
The attack was made through a security hole in the Symfony PHP frameworks. Symfony is a product designed to build robust applications in an enterprise context, and aims to give developers full control over the configuration. Nearly the entire suite can be customized to match enterprise development guidelines.
CNet says of the attack that "a few servers were accessed," with resolution "a few days ago," but has yet to issue guidance to users on the attack.