This article is more than 1 year old
Hacker claims breach of Wall Street Journal and Vice websites, punts 'user data' for sale
Also supposedly hit a gadgets site called 'CNET'
A hacker known for attacking news websites has claimed successful hacks against both the Wall Street Journal and Vice.
An individual going under the handle "w0rm" posted screenshots in a bid to substantiate his claims of hacks against the WSJ (here) and Vice (here) before offering to sell stolen databases from both publications for 1 BTC apiece ($620).
These screenshots appear to show extracted strings from stolen databases with users' credentials.
w0rm's hack claims are credible but unconfirmed, according to El Reg's security sources.
http://t.co/nARxb9hXUJ #hacked pic.twitter.com/OPw8fDmhuc
— w0rm (@rev_priv8) July 21, 2014
#vice pic.twitter.com/8HeQ009KV5
— w0rm (@rev_priv8) July 21, 2014
We invited the Wall Street Journal and Vice to comment on the reported hacks but are yet to hear back. We'll update this story as and when we hear more.
Comment
Last weekend hackers hijacked the Wall Street Journal’s Facebook page to falsely claim that Air Force One had gone missing over Russian airspace, a claim likely to spook the US public especially in the wake of the unfolding MH17 shot-down airline disaster in eastern Ukraine. It's unclear whether or not the two incidents are linked.
The whole security flap follows just days after w0rm claimed responsibility for an attack against a gadget website named CNET, a claim he followed up with an offer to flog off a CNET database supposedly containing one million usernames, passwords and email addresses. He also offered to sell the website's operators a protection system.
The hack was reportedly pulled off by exploiting flaws in the Symfony PHP framework used by the CNET site.
The CNET team downplayed the incident, saying only a "few servers were accessed" and the problem was quickly contained and resolved.
"We identified the issue and resolved it a few days ago," a spokesman told El Reg. "We continue to monitor and are investigating for any potential impact."
w0rm was previously linked to a high-profile hack against the BBC last December. He previously used nicknames including "rev0lver" or "rev", according to El Reg's sources.
The hacker is thought to be primarily financially motivated. He trades stolen databases with other cybercriminals and spammers through underground forums. w0rm is also thought to have a finger in the murky world of computer exploit sales. ®