Home Yahoo Games Hit By Shellshock Bug, Researcher Reports

Yahoo Games Hit By Shellshock Bug, Researcher Reports

The Shellshock bug is bad news, and Yahoo may’ve just found out first hand. 

At least two servers for Yahoo Games were allegedly breached in a hack discovered by security researcher Jonathan Hall.  

Hall says he found evidence that Romanian hackers gained access to at least two of Yahoo’s servers by exploiting the Shellshock bug, a vulnerability in bash, a low-level program used to execute other programs. By exploiting the bug, hackers can gain remote access of servers and systems. Hall said Yahoo’s servers were vulnerable because they were using an older version of bash.

Hall, a Unix expert with Future South Technologies, offers a lengthy explanation on the tech consulting firm’s website, where he describes how he tracked the breach to Yahoo’s game servers. Hall also shares an email he says he received from Yahoo confirming the breach. Since millions of people play Yahoo games every day, they make an ideal target for hackers. 

See also: Everything You Need To Know About The Shellshock Bug

If hackers gained control of a Yahoo server using Shellshock, they could potentially steal user information, deliver malware to vulnerable computers and take control of the system. So you’d think Yahoo would be grateful for the information. Hall, however, claims Yahoo did not reward him for the discovery, instead telling Hall that his findings didn’t qualify for its bug bounty program.

“I literally gave them two servers that were hacked, of which there were most likely more—without a doubt—considering one gets a public DNS response of a private IP address… And that doesn’t qualify? What a joke,” Hall posted on Reddit.

Yahoo has a poor track record when it comes to rewarding security researchers who uncover serious flaws, Mashable notes. Where a similar bug might net five figures at Facebook, Yahoo is more in the habit of awarding $25 vouchers which can be used to purchase t-shirts, pens and other items from Yahoo’s company store. 

Photo via Shutterstock

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.