Now that’s a first, CNET is reporting that CNET got hacked. I don’t if should laugh or cry. All kidding aside, CNET joins the non-exclusive “breached club” of highly popular websites that have been compromised in one way or another. A few weeks ago, it was Dailymotion, and before that it was hundred more. A Russian group is claiming that it stole 1M usernames, emails and passwords. Supposedly, the attackers exploited a vulnerability in the Symfony PHP Framework. CNET is owned by CBS Interactive. This incident is very unfortunate, and could have been avoided.
The takeway is any company that uses a framework of any kind, or open source libraries should at a minimum use a tool like Contrast Security, to analyze every single line of code, especially when their using open source libraries. Contrast Security can be set up in minutes, and it works in real time. And for a company the size of CBS, its makes sense to hire an external 3rd party security company to review the entire code set for vulnerabilities, before releasing it to the public. CNET is also using Akamai. If I’m Akamai, I see this as an opportunity to expand the security portfolio, and build services that detect suspicious behavior, and prevent the leakage of sensitive information.