The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain ‘suggestions.yahoo.com’ Egyptian Cyber Security Analyst, ‘Ibrahim Raafat’, found and demonstrated ‘Insecure Direct Object Reference Vulnerability’ in Yahoo’s website on his blog. Exploiting the flaw escalates the user privileges that allow a hacker to delete more than 365,000 posts and 1,155,000 comments from Yahoo! Database.
Source: https://thehackernews.com/2014/03/yahoo-vulnerability-allows-hacker-to_1.html