CNET's database breached by Russian hackers
Posted by: Jon Ben-Mayor on 07/16/2014 06:34 AM
A Russian hacking group called W0rm has gained access to CNET's database of more than one million registered users by taking advantage of a hole in the Symfony framework on the CNET website.
Exploiting the security hole allowed the hackers to gain access to usernames, emails and encrypted passwords.
If you happen to use CNET, it would be a wise move to change your information ASAP.
According to Bitdefender's Hot for Security blog, CNET does not appear to have reached out to affected users to inform them of the security breach – but it has posted a news story about the hack, where CNET spokeswoman Jen Boscacci is quoted as acknowledging that “a few servers were accessed” and that the company “identified the issue and resolved it a few days ago.”

No details have been shared of how the CNET passwords might have been secured – in other words, what algorithm was used, and whether the passwords were salted and hashed, which would make them much more difficult for malicious hackers to extract and exploit.
Yesterday, the database was offered for sale via Twitter for the somewhat small price of 1 bitcoin (approximately $622), but the hacking group’s spokesperson confirmed that this was being done primarily to gain attention.
W0rm has claimed responsibility for hacking the BBC, Adobe, and Bank of America websites in the not-so-distant past.