Attackers hit Yahoo using the Shellshock bug, but your data is safe

Updated ·1 min read
Yahoo headquarters
Yahoo headquarters

Looks like it didn't take long for the Shellshock security flaw to claim its first major victim. Yahoo has confirmed to both Future South Technologies and SecurityWeek that hackers used the command line exploit to breach at least two of its servers. Future South's Jonathan Hall found that the Romania-based intruders were using Shellshock to slowly hijack servers (including those of other companies) and build up an "arsenal" for hitting increasingly valuable targets, particularly Yahoo Games.

Yahoo is quick to note that there's "no evidence" the perpetrators compromised any data, so you probably won't be scrambling to change your password in the near future. The tech firm also cut off the affected systems from the outside world, and has been patching up servers to prevent future Shellshock strikes (insofar as it can, anyway). That's all good to hear, but Hall says that the consequences of the attacks might have been much, much worse -- if the hackers were more aggressive, they could have swiped email accounts and other precious info.

[Image credit: Justin Sullivan/Getty Images]