Egyptian Hacker Teaches Yahoo 'Hard Lesson'
Yahoo!'s headquarters in Sunnyvale, Calif.
CREDIT: Coolcaesar/Creative Commons
An Egyptian hacker claims to have gained unauthorized access to Yahoo's servers for at least two domains.
Hacker ViruS_HimA said in a Pastebin posting that as a professional security tester and researcher, his black-hat hacking days were behind him. Whenever he finds vulnerabilities he reports them straight to the vendor, he said.
"Google was great in fast reply and patch release," ViruS_HimA said. "But for Adobe and Yahoo they were so slow in reply and fix, You know what? Yahoo never reply for my message!"
That alleged non-response prompted ViruS_HimA to go public with the data breach, which, he claimed, gave him access to a "full file backup," access to 12 Yahoo databases and the ability to exploit a cross-site scripting flaw.
If ViruS_HimA is to be taken at his word, Yahoo's customers are extremely lucky. Had a cyberthief gone that deep into Yahoo's digital bowels, he would have had access to very sensitive user data that may have included email address and passwords as well as bank card information.
In November, ViruS_HimA claimed to have stolen 150,000 Adobe Systems customers, publishing the details of 230 customers as proof. ViruS_HimA said he went public to "teach both of them a hard lesson" when it comes to ignoring warnings from security testers.
Yahoo did not respond to a request for comment.
Follow Ben on Twitter @benkwx.