Yahoo Jobs site could have fallen to data hack
The threat of a SQL injection hack had been hanging over Yahoo's recruitment website.
Security researchers have said that the Yahoo jobs site was potentially open to a SQL injection flaw.
Data security company Imperva said that the Blind SQLi' problem meant that the personal information of people could have been compromised.
Amichai Shulman, chief technology officer for Imperva, said in a statement that data could have been taken and traded on online fraud forums. He explained that the SQL injection hack could have harvested private data, with forums acting as an auction or exchange.
"If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result," he said.
"SQL injection is a major thorn in the side for the web site hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact as high risk."
Yahoo had not responded to IT PRO's request for comment at the time of publication, but Imperva claimed that the company had been contacted, and had already deployed a fix to resolve the issue.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.