Popular technology review website CNET had to clean a Russian hacker out of some of its servers over the weekend.
A Twitter user going by the name of w0rm and the handle @rev-priv8 posted an image of remote access to a CNET.com server, with a screenshot of a shell proving a compromise of the site.
CNET has not said much at the minute about the nature of the attack or the data that may or may not have been stolen.
“Here’s the situation, a few servers were accessed. We identified the issue and resolved it yesterday. We will continue to monitor,” said Jen Boscacci, senior manager of corporate communications at CNET, on Sunday.
The image posted on Twitter indicates that the hacker could access and upload files to the website. It’s pretty difficult to say how they did it, though. One source suggested it was likely a content management system breach – something like a WordPress or Joomla exploit.
Looking at the aforementioned Twitter account, information on the history of the hacker, who is likely Russian looking at the screenshot shows that they appeared to have been involved in a breach of the BBC last year and have been running a website where members can show off their exploits, w0rm (dot) pw.