Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.
W0rm, according to Komarov, is the same individual previously known as “Rev0lver” and “Hash,” a Russian hacker who tried to sell access to the BBC’s servers last December and attacked the Web servers of Vice Media earlier this year. At 5:30pm ET on July 21, he posted a screenshot to Twitter that showed the e-mail address, username, and hashed password for the database admin on a wsj.com server. He offered to sell the full dump of the database table of authorized users for one bitcoin through an exploit marketplace at w0rm.in.
According to The Journal, Dow Jones has taken the servers offline to isolate them and prevent further intrusions into their systems. A spokeperson for the company said, “At this point we see no evidence of any impact to Dow Jones Customers or customer data.”