In a message posted on Pastebin and AnonPaste Saturday, an Egyptian hacker name Virus_HimA claim to breach Yahoo’s security system and made three claims: access to a “full file backup” of one of Yahoo’s domains, full access to 12 Yahoo databases, and discovery of a reflected cross site scripting (XSS) vulnerability.
Virus_HimA
Here is what Virus_HimA posted on both Pastebin and AnonPaste:
Hello f0lks, sorry for bieng late but Here comes the rain again 🙂
This is ViruS_HimA [From Egypt with love] 🙂
get in touch on adam.theruler<‘at’>yahoo
First of all let me clear some points:
1- I’m one person not a group!
3- I’ve published only little records for Adobe and I will never use/share/sell/publish Adobe/Yahoo data/exploits anywhere,
Yes it’s a promise.
As i said i’m not looking to ruin anybody business, I’ve stopped black hat activities long time ago and will never be a black hat again.
Why? because long time ago i started working as a security researcher and penetration tester in legal manner with legal companies,
so I’m not looking to ruin my career/reputation because of such activities.
[…………]
Here we go for Yahoo. but this time i will publish proofs only without publishing data like in Adobe case,
I already gained the trustworthy I was looking for.
~ Leaks contains:
Full files backup for one of Yahoo domains!! [Lead to full access on the server of that domain]
Full access to “12” of Yahoo Databases!! [Lead to full access on the server of that domain]
Reflected-XSS(Cross Site Scripting) vulnerability.
[Proofs: ………..]
Notes:
1- I’m not the one on the news who is selling the Yahoo xss for 700$, you may noticed that his name is “TheHell”
idk why that krebsonShitz is linking me to that attack! why i don’t sell things I got here? while it’s awesome stuff not just XSS!!!
2- I’m not planning to do any more leaks soon!
Hey Yahoo! you have to think well about making Hall of fame for security researchers
because this will get you much reports for your vulnerabilities.(just a suggestion!)
Always be proactive not reactive in safeguarding your critical data.
~ By ViruS_HimA ~
Yahoo spokesperson gives the following statement to TNW, saying, the company investigating into the matter:
“Thanks for contacting us regarding this matter,” a Yahoo spokesperson said in a statement. “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We are aware of a recent online posting regarding vulnerabilities in our systems. We are investigating these claims and will work diligently to fix any vulnerabilities that are found. At this time, we confirm that there has been no user impact associated with these claims.”
