Apparently, Yahoo servers were compromised by Romanian hackers over the weekend. So far, this is the first confirmed case of a major firm being hit through the Shellshock vulnerability. Security researcher Jonathan Hall says that he has found evidence that Romanian hackers used the Shellshock bug to gain access to Yahoo servers.
The Shellshock bug, which could expose vulnerabilities in millions of systems and web servers, was identified on September 24. This vulnerability could allow attackers to execute any commands on an affected system.
After the disclosure of the Shellshock bug, Hall used a Google search to find servers that had been left vulnerable to Shellshock. The list of hacked servers included dip4.gq1.yahoo.com and api118.sports.gq1.yahoo.com. Hall added that hackers were slowly exploring the network in search of the popular Yahoo! Games servers.
According to Hall, millions of people every day visit Yahoo Games, which are Java-based. Considering that Shellshock allows attackers to fully control the compromised server, attackers may be able to steal user data, launch DDoS attacks and insert malware on the infected computer.
Hall, who is also the president of Future South Technologies, said that Yahoo’s servers were vulnerable to attack because they were using an old version of Bash. He added that it is a very serious breach and could affect every consumer who uses Yahoo! for emailing, shopping or even for playing games.
Following the research carried out by Jonathan Hall, Yahoo! confirmed to the Public Investigator on Monday that a few of its servers were vulnerable and that it is patching its systems. However, no user data, such as personal information and user names, had been stolen.
However, Yahoo CISO (Chief Information Security Officer) Alex Stamos confirmed that three of the company's Yahoo Sports API servers were infected with malware by hackers looking for web servers vulnerable to Shellshock, but that the exploits were not related to Shellshock. Those servers, which provide live game streaming, do not store user data; hence, no user data was accessed.
He also said that this vulnerability was specific to a small number of machines and has been fixed, and that Yahoo has added this pattern to its CI/CD code scanners to detect future threats.
Moreover, on a positive note, Yahoo said that it focuses on delivering the most secure experience possible for all its users and is constantly working to protect its users’ data.