Hackers have managed to breach Yahoo’s servers, although the web firm was relieved to announce that no user data had been compromised.
The BBC reports that Yahoo was made aware of the breach by security experts scanning computers vulnerable to the Shellshock bug, which is a flaw found in many widely used versions of the Unix operating system.
The security researchers discovered that the Yahoo servers were indeed vulnerable to Shellshock, but on this occasion hackers had used a different vulnerability to get at the machines.
Yahoo said in a statement that it responded quickly to the discovery and isolated several servers deemed vulnerable to compromise via Shellshock.
If a machine was to become infected with the Shellshock bug, it would allow attackers to completely take over the system and run commands as they please.
This time, however, Yahoo said it has found “no evidence that user information was affected by this incident”.
The vulnerable servers were used by Yahoo to host live sports updates and news feeds to users.
Alex Stamos, security chief at Yahoo, told the Hacker News wire that the flaw was limited to a small number of machines, which have now been fixed. He added that the pattern has now been included in its code scanners to ensure that this specific bug does not cause issues in the future.
Shellshock is believed to be capable of infiltrating millions of machines. Security firms investigating the flaw have found that some cybercrime groups are using it to take over machines and bring them under a single network that can be used to send out spam or to carry out other attacks.