Feeds

Hacker claims breach of Wall Street Journal and Vice websites, punts 'user data' for sale

Also supposedly hit a gadgets site called 'CNET'

Providing a secure and efficient Helpdesk

A hacker known for attacking news websites has claimed successful hacks against both the Wall Street Journal and Vice.

An individual going under the handle "w0rm" posted screenshots in a bid to substantiate his claims of hacks against the WSJ (here) and Vice (here) before offering to sell stolen databases from both publications for 1 BTC apiece ($620).

These screenshots appear to show extracted strings from stolen databases with users' credentials.

w0rm's hack claims are credible but unconfirmed, according to El Reg's security sources.

We invited the Wall Street Journal and Vice to comment on the reported hacks but are yet to hear back. We'll update this story as and when we hear more.

Comment

Last weekend hackers hijacked the Wall Street Journal’s Facebook page to falsely claim that Air Force One had gone missing over Russian airspace, a claim likely to spook the US public especially in the wake of the unfolding MH17 shot-down airline disaster in eastern Ukraine. It's unclear whether or not the two incidents are linked.

The whole security flap follows just days after w0rm claimed responsibility for an attack against a gadget website named CNET, a claim he followed up with an offer to flog off a CNET database supposedly containing one million usernames, passwords and email addresses. He also offered to sell the website's operators a protection system.

The hack was reportedly pulled off by exploiting flaws in the Symfony PHP framework used by the CNET site.

The CNET team downplayed the incident, saying only a "few servers were accessed" and the problem was quickly contained and resolved.

"We identified the issue and resolved it a few days ago," a spokesman told El Reg. "We continue to monitor and are investigating for any potential impact."

w0rm was previously linked to a high-profile hack against the BBC last December. He previously used nicknames including "rev0lver" or "rev", according to El Reg's sources.

The hacker is thought to be primarily financially motivated. He trades stolen databases with other cybercriminals and spammers through underground forums. w0rm is also thought to have a finger in the murky world of computer exploit sales. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.