An Egyptian hacker who calls himself ViruS_HimA is claiming to have breached Yahoo’s security systems following similar attacks on other companies. He allegedly has full access to the servers for at least two of Yahoo’s domains.
Last month, ViruS_HimA claimed to have stolen login credentials of 150,000 Adobe customers and partners on the company’s ConnectUsers.com forum, and released some 230 names, email addresses, and hashed passwords from the company’s database as proof. Adobe temporarily shut down the site where customers share information about using its Connect online conferencing service to address the issue.
Of his Yahoo claims, the first is having access to a “full file backup” of one of Yahoo’s domains, which he says leads to full access on the server for said domain.
The second is full access to 12 Yahoo databases, which again he says leads to full access on the server for said domain.
The third is the discovery of a reflected cross-site scripting (XSS) vulnerability.
In all three cases, a lot of user data could potentially be obtained, much of which could be very sensitive. That being said, none of these appear to be for any of Yahoo’s main sites, though we can’t be sure. ViruS_HimA promises he will never share, sell, or publish the Adobe and Yahoo user data he has discovered, nor the exploits with which he gained access to them.
Furthermore, he claims to have found “tens of 0days vulnerabilities” in the sites belonging to Adobe, Microsoft, Yahoo, Google, Apple, Facebook, “and many more” but chooses to report the vulnerabilities to the vendors. While the others were quick to reply and address the security vulnerability in question, he says Adobe was slow to answer and that Yahoo never got back to him. As such, he “decided to teach both of them a hard lesson” to help them address their security deficiencies.
This plan caused Adobe to sit up and take notice, according to ViruS_HimA, so now he’s doing it for Yahoo as well. Instead of publishing some of the data, like he did for Adobe, the hacker claims he is simply publishing proof of access since he has “already gained the trustworthy [he] was looking for.”
We have contacted Yahoo about this issue. We will update this article if we hear back.
Update at 6:30PM EST: Yahoo is investigating the claims. The company says it has no reason to believe users have been affected at this time.
“Thanks for contacting us regarding this matter,” a Yahoo spokesperson said in a statement. “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We are aware of a recent online posting regarding vulnerabilities in our systems. We are investigating these claims and will work diligently to fix any vulnerabilities that are found. At this time, we confirm that there has been no user impact associated with these claims.”