1 million usernames, email addresses and encrypted passwords compromised

If you have ever been a member of CNET or created an account at CNET, listen up! You need to act immediately to protect your personal information.

The website CNET was targeted by a Russian hacker group calling themselves w0rm. And the hackers got through in a HUGE way!

CNET's servers were broken into, and w0rm claims to have stolen over a million usernames, email addresses, passwords and likely more. If you're a techie and want to know how, the hackers exploited a security hole in the Symfony PHP framework, but CNET isn't revealing any of the details.

The hackers sent CNET a tweet with a screenshot of the database source code that you can see below.

@rev_priv8: https//w0rm.in/cnet.com.tar.gz cnet hacked, here is src of www.

This means you have some work to do. Sigh.

The hackers threatened to sell the database online to the highest bidder. CNET says that the situation has been resolved, but it doesn't change the fact that your information is still at risk.

If you're a subscriber of CNET or have created an account with them, you need to change your password and information immediately. The longer you wait to update your information, the more you leave a window open for criminals to steal your personal information and use it against you.

This is especially dangerous if you use the same username or email address along with the same password at sites other than CNET. Below is a list of CNET's sister sites where you should also change your passwords.

  • bnet.com
  • CBS.com
  • chat.com
  • computers.com
  • download.com
  • help.com
  • mp3.com
  • news.com
  • radio.com
  • search.com
  • shopper.com
  • techrepublic.com
  • TV.com
  • upload.com
  • zdnet.com

I have all the information you need about how to update all of your online accounts. Follow the steps below and you'll be able to salvage your security.

MAKE NEW PASSWORDS

If you're changing your passwords, obviously you need to make new ones. Be sure they're strong and unique for every site. Click here for my steps to creating strong, unique passwords that are easy to remember.

If you're changing information on multiple sites, you should make a list of everything you're changing before you begin.

Bonus tip: Don't forget to beef up your security questions while you're at it.

If you're worried about remembering your passwords, you can use a password manager like KeePass. This will store your passwords in an encrypted file, and you only need to remember one password to open it. It can even make super-secure passwords for you.

CHANGE YOUR PASSWORDS

Visit CNET and log in to your account like you normally would. The option to change your password is usually under the Profile or Settings section.

If you don't remember your password or are having trouble finding where to change it, click the "Forgot password" link. This is usually near the sign-in area and will eventually land you on the page to set a new password.

Bonus tip: If the site is one you haven't used in a while, think about whether you actually need an account. If you don't, close out your account or replace your information with junk information. A site like AccountKiller will tell you how to close your account on most major websites.

Once you've changed a password, cross that account off your list and move on to the next one. Once you're done, keep the list handy for reference in case a site you might have forgotten pops into your head later. You can check to see if you already hit it.

AVOID SCAMS

Scammers are going to use this CNET situation to try to trick you. Lots of real sites are sending out email asking you to change your password. Scammers are going to try slipping some fake email into your inbox as well.

The ironclad rule is to never click on an email link to change your password (or for any other reason in an unsolicited email). Always go to the site yourself and follow the directions I gave above.

Links in fake email will take you to malicious sites, or a page that looks like the legitimate site's login page. If you put in your password, hackers will have full access to your real account. So, be careful.

Want the latest on the CNET hack and other new threats? Be sure to visit my blog regularly.
