No user data lost in Yahoo server hack

Yahoo has said no user data was lost when hackers breached its servers.

The web firm was alerted to the breach by security experts seeking computers vulnerable to the recently discovered Shellshock bug.

Shellshock is a flaw found in many widely used versions of the Unix operating system.

Although the Yahoo servers were vulnerable to Shellshock it said attackers used a different vulnerability to get at the machines.

In a statement, Yahoo said that early on 6 October it isolated several servers that it had been informed were vulnerable to compromise via Shellshock.

They were identified as being vulnerable by security researchers scanning servers around the net seeking those running software susceptible to Shellshock. If exploited, the Shellshock bug would allow attackers to run commands as if they were in control of that machine.

“After investigating the situation fully, it turns out that the servers were in fact not affected directly by Shellshock, but by a minor bug in a parsing script,” said Yahoo in a statement.


For more information: