CHINA TOPIX

12/22/2024 08:34:16 pm

Make CT Your Homepage

Yahoo Hit by Shellshock Variant, Claims 'No User Data was at Risk'

Yahoo headquarters

Yahoo's search share spiked in December, following Firefox's default search engine adoption.

Internet giant Yahoo announced Monday that no user information was compromised in a hack attack on its servers exploiting the Bash bug vulnerability over the past two weeks.

Internet addresses point to Yahoo Sports servers as the compromised servers, according to a report by Jonathan Hall, president of Future South Technologies published Sunday night. The report also stated that WinZip, a file compression tool, and Lycos, a search engine created in 1994, were susceptible to the Bash bug.

Like Us on Facebook

The Bash bug, also known as the Shellshock bug or Shellshocker, is a 25-year old weakness that lets malicious codes run inside a bash shell, which is a simple and common interface for delivering commands to a computer. The Shellshock vulnerability can potentially be used to obtain private data or gain control of a computer.

Yahoo confirmed Monday afternoon it had identified a "handful" of its Internet servers that were exploited by the Shellshock bug. Alex Stamos, Yahoo's chief information security officer, however, later corrected this statement.

"Earlier today, we reported that we isolated a handful of servers that were detected to have been impacted by a security flaw," Stamos wrote in a blog post. "After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock."

He added the cause of the attack was a different kind of vulnerability particular to a script Yahoo was using to debug its servers at the time of the attacks. Stamos also repeated that no customer data was breached during the attack.

"Though the FBI seemed intrigued by this, in my opinion, they aren't moving with any form of haste," he wrote. "And every minute that goes by jeopardizes the safety of yours and my personal information, financial data and much, much more."

Real Time Analytics