Hacker nabs Yahoo! site backups

By on
Hacker nabs Yahoo! site backups

A penetration tester has reportedly hacked Yahoo! and gained access to website backup and database files for a dozen databases.

The hacker using the handle Virus_Hima published screenshots that showed the purported site backups for a Yahoo! finance subdomain.

The hacker claimed to have accessed the databases via a reflected cross site scripting vulnerability which he said was fixed by Yahoo!. He also said he discovered a SQL Injection hole.

Virus_Hima disclosed the flaws alleging that Yahoo! had ignored his vulnerability disclosure email.

The writer previously dumped 230 email addresses, names and hashed passwords extracted from an Adobe database of 150,000 records and revealed how attackers could access Yahoo! emails by stealing cookies.

"I have found tens of zero day vulnerabilities in big web sites such as Adobe, Microsoft, Yahoo!, Google, Apple, Facebook," the hacker wrote in a public clipboard document.

"Google [replied and patched quickly] but for Adobe and Yahoo they were so slow in reply … So I decided to teach both of them a hard lesson to harden [their] security procedures."

Virus_Hima denied links to the sale of the Yahoo! email exploit on criminal forums.

Yahoo! has been contacted for comment.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's your reaction to Microsoft shifting Azure prices into $US?
Upset that we'll pay more
We'll manage it, but wish prices were consistent
Not a problem - we already purchase in $US
We'll move to other clouds
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?