Ex-Yahoo CEO Sorry for Hacks That Affected All 3 Billion Users

Tammy Harvey
November 9, 2017

Former Yahoo Chief Executive Marissa Mayer and ousted Equifax CEO Richard Sherman appeared before Congress on Wednesday, offering explanations and apologies for how billions of user accounts and identities were disseminated through hacks at their companies. Mayer says Yahoo, which originally said only 1 billion accounts were affected, didn't find out about the hack until it got data from the government in 2016 and still hasn't figured out how it happened, though she says Russian intelligence officers have launched attacks on Yahoo systems.

Mayer apologized during the hearing.

"Even robust defenses and prosecutors aren't sufficient to protect against the state-sponsored attack, especially when they're extremely sophisticated and persistent", Marissa Mayer testified.

"Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data".

Lawmakers said rigorous security rules are needed to counter the hacks and that companies need "extreme" limits to protect customers' privacy.


However, it was revealed later that three billion user accounts were affected.

The digital diva - who left the helm of Yahoo earlier this year after it was acquired by Verizon - was forced to testify with a subpoena after she refused several requests to testify voluntarily, according to a Tuesday report. Roger Wicker, R-Miss., asked all of those testifying, including the interim and former CEOs of Equifax, Paulino de Rego Barros Jr. and Richard Smith, as well as Entrust Datacard CEO Todd Wilkinson, if they took issue with Nelson's contention that a "mere company" can not withstand persistent attacks from state-backed hackers without the help of the National Security Agency.

Senators questioning the CEOs were not optimistic about future security breaches.

She said Yahoo still has not been able to identify the intrusion that led to that theft.

Sen. John Thune, R-S.D., the committee chairman, said 48 states have separate laws governing how and when companies must notify consumers of a breach.

Other reports by Ligue1talk

Discuss This Article

FOLLOW OUR NEWSPAPER