Yahoo Denies Shellshock Flaw Led To Hack Attack

Hackers have exploited a vulnerability to infiltrate Yahoo's servers - but the firm has denied it was the notorious Shellshock flaw and says no user data was put at risk.

A report by Future South Technologies claimed Yahoo had failed to patch the well-known Shellshock vulnerability, which some people have described as more serious than the Heartbleed bug discovered earlier this year.

But Yahoo said it had patched the flaw before the attack, and that it was another part of its system that was exploited.

A post of the security firm's blog said: "This breach affects all of us in one way or another, and it's crucial that this problem be resolved with haste.

"I notified the FBI of the breach, and also attempted to contact Yahoo! several times.

"Though the FBI seemed intrigued by this, in my opinion, they aren't moving with any form of haste. And every minute that goes by jeopardises the safety of yours and my personal information, financial data and much much more."

Also known as the Bash bug, Shellshock is a flaw apparent in the majority of computers that run Linux and Unix, including Apple's Mac OS X.

Yahoo said the exploit was unrelated to Shellshock, and said it was a different vulnerability specific to a debugging script Yahoo was running at the time of the attacks.

Yahoo's chief information security officer wrote in a blog post: "Earlier today, we reported that we isolated a handful of servers that were detected to have been impacted by a security flaw.

"After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock."

A spokesman said the breach was isolated and no user data was housed on the affected servers.