Attackers hit Yahoo using the Shellshock bug, but your data is safe

Sponsored Links

Attackers hit Yahoo using the Shellshock bug, but your data is safe

Looks like it didn't take long for the Shellshock security flaw to claim its first major victim. Yahoo has confirmed to both Future South Technologies and SecurityWeek that hackers used the command line exploit to breach at least two of its servers. Future South's Jonathan Hall found that the Romania-based intruders were using Shellshock to slowly hijack servers (including those of other companies) and build up an "arsenal" for hitting increasingly valuable targets, particularly Yahoo Games.

Yahoo is quick to note that there's "no evidence" the perpetrators compromised any data, so you probably won't be scrambling to change your password in the near future. The tech firm also cut off the affected systems from the outside world, and has been patching up servers to prevent future Shellshock strikes (insofar as it can, anyway). That's all good to hear, but Hall says that the consequences of the attacks might have been much, much worse -- if the hackers were more aggressive, they could have swiped email accounts and other precious info.

[Image credit: Justin Sullivan/Getty Images]

Engadget was owned by Verizon between June 2015 and September 2021. Engadget's parent company is now Yahoo Inc.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget