If you haven't seen my coverage of the supposed hack of a reported data breach at Yahoo Games, you can click here to check it out.
Yahoo released more detail about the hack, and here are facts straight from the horse's mouth:
- Yahoo Games was not affected by Shellshock
- No data was stolen
- A few "isolated" servers were breached which didn't leak valuable user information
- The hack came from Romanian IP addresses
- Yahoo was breached when hackers exploited a vulnerable process on the affected servers
People still have their doubts, though.
Johnathan Hall, president and senior engineer at Future South Technologies, thinks that Yahoo should publish their server logs publicly. He isn't sure that the company wasn't breached by a Shellshock vulnerability.
Hall had this to say about the breach on his blog:
This breach is very serious, and jeopardizes every consumer that uses Yahoo! in any manner, from shopping to email, and even game playing.
Why does Hall think that Yahoo may have been breached by Shellshock? To avoid the embarrassment of being breached by an easy-to-avoid exploit that can be fixed by updating your server.
Either way, your data is safe according to Yahoo. That's good to hear.
Want more security updates?
- See which banks withstood the same hack that cracked JPMorgan
- Kmart's payment server hacked: 1,300 stores affected
- Target CEO resigns over massive data breach