A penetration tester has reportedly hacked Yahoo!, claiming to have gained access to website backup and database files for a dozen databases.
The hacker using the handle Virus_Hima published screenshots that showed the purported site backups for a Yahoo! finance subdomain.
The hacker claimed to have accessed the databases via a reflected cross site scripting vulnerability which he told SC was fixed by Yahoo!. He also said he discovered a SQL Injection hole. Virus_Hima disclosed the flaws alleging that Yahoo! had ignored his vulnerability disclosure email.