Yahoo has confirmed that its servers were hacked earlier this week, but it has assured its users that none of their data was compromised in the attack.
Security researchers scanning systems across the web for vulnerabilities related to the recently-identified Shellshock bug had contacted Yahoo yesterday morning to alert the company that some of its servers were vulnerable to the flaw. After isolating the servers in question - which provide live news and sports updates to users - it discovered that they had actually been compromised through an entirely different vulnerability.
In a statement to BBC News, Yahoo said:
After investigating the situation fully, it turns out that the servers were in fact not affected directly by Shellshock, but by a minor bug in a parsing script. After a comprehensive investigation, we have found no evidence that user information was affected by this incident."
Yahoo security chief Alex Stamos said in a separate statement to Hacker News that the issue was limited "to a small number of machines and has been fixed, and we have added this pattern to our code scanners to catch future issues."
Source: BBC News