The search engine Yahoo has been hacked after attackers found a minor bug while trying to exploit the Shellshock vulnerability.
Three of the firm’s sports servers had malicious code executed on them last weekend. The affected machines were used to provide live game streaming data.
Alex Stamos, chief information security officer at Yahoo, said: "At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected.
"This flaw was specific to a small number of machines and has been fixed, and we have added this pattern to our [development] code scanners to catch future issues."
Yahoo had previously claimed the breach was a result of the Shellshock bug, which affected the Bash command line common to Linux, Unix and Mac, allowing hackers to input malicious code by changing the basic information that Bash reads on all machines.
The search engine commented on the problem after security researcher Jonathan Hall of Future South Technologies claimed the company had been attacked by Romanian hackers.
According to Hall, a former black hat hacker who operated outside the law, the hacking group had been exploiting Shellshock to build a network of corrupted Unix machines, known as a botnet.
"People are very seriously underestimating the Shellshock vulnerability," he wrote in an email to Yahoo chief executive Marissa Mayer.
"I have successfully exploited this vulnerability remotely during testing via many vectors," he added. "From web scripts to FTP [file transfer protocol], and even via SSH [network protocol secure shell] when certain conditions are met."
Stamos said that the affected servers at Yahoo had been patched twice in the wake of the Shellshock bug disclosure, and that a trace of the code used in the hack assured him the Bash flaw had not been exploited.
