Hackers Compromise Yahoo! Servers

Hackers have breached Yahoo’s servers over the past few weeks by allegedly using the Shellshock bug, according to Future South’s blog post.

If true, it may be the first confirmed exploitation of the Shellshock vulnerability, as at least two Yahoo Games servers have been breached due to an outdated bash version.

“This breach is very serious, and jeopardizes every consumer that uses Yahoo! in any manner, from shopping to email, and even game playing,” said Jonathan Hall of Future South Technologies. “I`ve notified both Yahoo! and the FBI New Orleans field office of the infiltration, but in my eyes, they really aren`t seeing the severity and danger of this situation, and really are not reacting quick enough.”

Romanian hackers seem to be the perpetrators to blame for infiltrating Yahoo’s servers, as they were “working on further infiltrating the Yahoo! Network.”

The two Yahoo servers found by Hall compromised are “dip4.gq1.yahoo.com” and “api118.sports.gq1.yahoo.com” while he didn’t rule out others being compromised.

At first, Yahoo responded that, as soon as it became aware of the Shellshock bug, it began patching its systems and started closely monitoring its networks.

“Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data,” a Yahoo spokesperson told Security Week.

Later, Yahoo CISO Alex Stamos stated that three servers of Yahoo`s Sports API had “malicious code executed on them” targeting possibly Shellshock-vulnerable servers.

“These attackers had mutated their exploit, likely with the goal of bypassing IDS/IDP or WAF filters,” Stamos said. “This mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs.”

Yahoo`s servers were only used to serve live game streaming on Yahoo`s Sports front-end and had no data stored on them. Yet we can be certain of one thing; Shellshock or no Shellshock, its servers have been compromised.