Yahoo servers breached via Shellshock bug

Remember the shellshock bug that caused a lot of hoopla in recent weeks? According to Future South Technologies security researcher Jonathon Hall, some of Yahoo's servers have been breached by hackers via the security vulnerability. The researcher took to Reddit to talk about his discovery, saying that he had contacted Yahoo before going public, but then had to eventually contact both the FBI and "several media outlets" before the company responded to his message. In its response, according to Hall, Yahoo confirmed the security breach.

Hall detailed the problem more extensively on the Future South website, where he says he elected to make it public due to what he has "deemed as an improper response, or lack thereof, to resolving the issue from certain key companies contacted, as well as the FBI." He said Yahoo failed to respond entirely, even when he emailed Marissa Mayer directly.

The breach was said to affect Yahoo Games servers, which Yahoo confirmed later on with Hall via email, according to the researcher. In a statement to the folks at SecurityWeek, a Yahoo spokesperson said that after Shellshock came to light, the company "began patching our systems and have been closely monitoring our network."

On October 5, according to the spokesperson, Yahoo "isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data." According to Hall, both WinZip.com and Lycos have also been breached due to the Shellshock bug.

SOURCE: Security Week