The bash/Shellshock exploit has hit Yahoo’s gaming servers. But, the company says that no customer data was leaked.
The exploits were first discovered by security researcher, Jonathan Hall. Hall pointed to two Yahoo Games servers that had been exploited. After Yahoo was contacted by Security Week it issued the following statement:
A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.
The bash/Shellshock exploit is an Unix SSH based security problem that allows nefarious characters to take over a computer or server via the command line. Companies have been patching their servers since the exploit was discovered. Apparently, Yahoo hadn’t gotten around to its Yahoo Games servers.
➤ Hackers Compromised Yahoo Servers Using Shellshock Bug [Security Week]