A screen grab of a database stolen from the systems of Wall Street Journal has been published on Twitter by a hacker that has been previously involved in similar incidents affecting other news publications.The hacker, posting on the micro-blogging platform under the handle “w0rm” (@rev_priv8), showed the image as proof of the nefarious deed, which seems to have provided access to user credentials.
In a subsequent tweet, the hacker offered to sell it to anyone who would send a single Bitcoin ($623 / €462) to a specified address.
The perpetrator also announced that the systems of Vice.com have been hacked as well, showing the proof with another screenshot of the extracted database.
It appears that the stolen details consist of email addresses, usernames, encrypted passwords, along with privileges of the user, log in attempts and the time of the last visit.
No additional information about the two incidents is available at the moment, but the publications are looking into the matter.
w0rm is not at his first such attempt, the most recent incident targeting information from CNET’s internal systems. The same monetary demand was asked at that time, although it is unclear if a buyer was found and if the transaction was completed.
At the time, a representative for CBS Interactive, the company that owns the CNET publication, said that a few servers had indeed been accessed and that the issue had been identified and fixed; it referred to a security flaw in the implementation of the Symfony PHP framework.
Information on w0rm indicates that he is also in the game of selling vulnerabilities, asking $1,000 / €742 for disclosing an osCommerce and a PayPal SQLi glitch.
Given the small amount requested for the databases extracted from the Wall Street Journal and Vice, the hacker appears to continue work on building a reputation and notoriety, a motivation that was given in the case of the CNET hack, too.
On Sunday, the Facebook account of the Wall Street Journal has been hijacked for a brief period of time by unknown individual(s). They posted that contact with the Air Force One had been lost as the aircraft flew over Russian airspace, raising suspicions of a crash.
A few minutes later, another fake post announced that Vice President Joe Biden would address the nation shortly.
The owners of the Facebook account quickly regained control, and after about 20 minutes, they informed of the compromise, promising to investigate the issue. The fake posts were deleted.