Yahoo’s CISO, Alex Stamos, has stated that the issue wasn’t Shellshock related, and that the researcher didn’t contact Yahoo’s normal security channels as stated. Yahoo says they’ve isolated “a handful of our impacted servers and at this time we have no evidence of a compromise to user data” A Yahoo representative has apologized to the researcher, but encouraged him to participate in the Bug Bounty program if he found the issue. The researcher’s actions raise interesting questions as he actively breached a victim’s servers, killing processes and running his own code, in order to discover the alleged Romanian compromise.”]