Romanian hackers have hacked Yahoo this weekend by making use of the ShellShock vulnerability. Jonathan Hall President of Future South technologies (A security research company) has reached out to both Yahoo and the FBI about this vulnerability as the hackers after getting access to Yahoo’s servers are now trying to gain access to Yahoo’s games servers a service that lets users download and play (among many) casino-like games and presumably, some financial information could be exposed this way.
The vulnerability has allowed hackers to take complete control of the system, it has even allowed them to install various programs and run commands. Jonathan Hall has also emailed the CEO of Yahoo Marissa Mayer about this issue (full email can be read here) who gave an official response:
In the email, Mayer confirms that they are aware of the exploit and are working hard on fixing the issue. Many big tech sites were completely aware of the danger that these vulnerabilities impose on their systems but according to tech site, Pando companies often won’t fix something they don’t perceive as broken until customers voice their concerns. Other websites that have been affected by the shellshock vulnerability are WinZip and Lycos. Other than Mayers email, no official statement from Yahoo has been given.