
Cyber Incident Victim: Vice Media

Date: Jul 2014

Location: Russia

Summary

A popular news website was compromised by a hacker or group using the alias W0rm, later identified as a single individual called Rev0lver, who exploited a security vulnerability to access its content management system. The breach exposed user email addresses and hashed passwords, though the credentials remained unusable without decryption; the vulnerability was subsequently patched and affected passwords reset. The attackers also claimed to have infiltrated other major media outlets, offering stolen databases for sale in Bitcoin, but asserted their primary intent was to expose security weaknesses rather than profit from the data. Investigations revealed connections to prior incidents targeting prominent technology news platforms.


Description

On July 21, 2014, a hacker or group identifying as W0rm claimed via Twitter to have compromised Vice.com and The Wall Street Journal's websites, accompanied by screenshots as evidence. The threat actor announced intentions to sell each stolen database for one Bitcoin. Vice.com confirmed the following day that an exploit had allowed unauthorized access to its content management system (CMS) user list, which contained email addresses and cryptographically hashed passwords. The company emphasized that the hashed passwords remained unusable without decryption and stated no website defacement or user account compromises occurred beyond the CMS access. Vice.com patched the vulnerability, reset all affected passwords as a precaution, and characterized the incident as limited to the CMS user credentials. The Wall Street Journal's publisher, Dow Jones & Company, did not publicly confirm or deny the alleged breach at the time of reporting, though the article noted a separate recent compromise of the newspaper’s Facebook account involving a false post about Air Force One.


W0rm had previously targeted technology news site CNET on July 12, 2014, using identical tactics: tweeting screenshots of breached data and offering the database for one Bitcoin. CNET acknowledged the attack two days later, confirming theft of usernames, email addresses, and encrypted passwords for over one million users. During a Twitter exchange with CNET, W0rm claimed its primary objective was highlighting security vulnerabilities rather than profiting from data decryption or sales. Subsequent investigation by IntelCrawler CEO Andrew Komarov, reported in an update to the original article, identified W0rm as a lone individual using the alias Rev0lver, contradicting initial characterizations of the actor as a group. The Vice.com breach represented part of a pattern targeting media organizations, with W0rm leveraging public disclosures via social media to amplify attention to the intrusions.
