Feeds

Hacker claims breach of Wall Street Journal and Vice websites, punts 'user data' for sale

Also supposedly hit a gadgets site called 'CNET'

Internet Security Threat Report 2014

A hacker known for attacking news websites has claimed successful hacks against both the Wall Street Journal and Vice.

An individual going under the handle "w0rm" posted screenshots in a bid to substantiate his claims of hacks against the WSJ (here) and Vice (here) before offering to sell stolen databases from both publications for 1 BTC apiece ($620).

These screenshots appear to show extracted strings from stolen databases with users' credentials.

w0rm's hack claims are credible but unconfirmed, according to El Reg's security sources.

We invited the Wall Street Journal and Vice to comment on the reported hacks but are yet to hear back. We'll update this story as and when we hear more.

Comment

Last weekend hackers hijacked the Wall Street Journal’s Facebook page to falsely claim that Air Force One had gone missing over Russian airspace, a claim likely to spook the US public especially in the wake of the unfolding MH17 shot-down airline disaster in eastern Ukraine. It's unclear whether or not the two incidents are linked.

The whole security flap follows just days after w0rm claimed responsibility for an attack against a gadget website named CNET, a claim he followed up with an offer to flog off a CNET database supposedly containing one million usernames, passwords and email addresses. He also offered to sell the website's operators a protection system.

The hack was reportedly pulled off by exploiting flaws in the Symfony PHP framework used by the CNET site.

The CNET team downplayed the incident, saying only a "few servers were accessed" and the problem was quickly contained and resolved.

"We identified the issue and resolved it a few days ago," a spokesman told El Reg. "We continue to monitor and are investigating for any potential impact."

w0rm was previously linked to a high-profile hack against the BBC last December. He previously used nicknames including "rev0lver" or "rev", according to El Reg's sources.

The hacker is thought to be primarily financially motivated. He trades stolen databases with other cybercriminals and spammers through underground forums. w0rm is also thought to have a finger in the murky world of computer exploit sales. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.