Another major publisher's networks and web services have been hacked.


According to published reports from The Wall Street Journal, their news graphics computer network has been hacked.


WSJ-twitter-logoThe WSJ reports that no damage has been done to their graphics systems and also went on to say that they believe customer data remains safe, but then went on to say that they have retained the services of IntelCrawler, a Los Angeles-based cybersecurity firm, who brought the hack to their attention.

The hacker, who calls himself "w0rm," alleges to have founded Worm.in: an online market for trading cyber vulnerabilities. 


w0rm is threatening to sell both user information and the credentials required to control the Journal's servers, and is offering user credentials and the information required to control the server. According to a tweet, which contained an alleged screen capture from the WSJ's server database, w0rm is offering access for payment in one Bitcoin: approximately $620 at the time of writing.


WSJ db capture - via Twitter


If w0rm has achieved the kind of capability he claims, he could, potentially, modify articles, adding new web content, and insert malicious content in pages hosted at the WSJ website.  He could potentially add and delete site users as well. 


Andrew Komarov, chief executive of IntelCrawler, explained that his team initially discovered the vulnerability used by the hacker and confirmed that it could give an attacker the access claimed.  Komarov added his firm has been monitoring w0rm for some time.


If you're a subscriber of the Wall Street Journal's online edition, this might be a good time to change your wsj.com password.


For information on selecting a strong password, check out, "Passwords, the Bane of Any IT Manager"




Bruce Barnes, owner of ChicagoNetTech, is an active member of the SmarterTools online support team who's posts can be found on the SmarterTools Technical Support Forums.