Marissa Mayer says she doesn't know how Yahoo got hacked

Former Yahoo CEO Marissa Mayer admitted on Capitol Hill Wednesday that the Silicon Valley giant still doesn’t understand how hackers managed to compromise the information of billions of Yahoo users.

In an opening statement to the Senate Commerce Committee, Mayer apologized to Yahoo’s users, blamed “Russian agents” for the breach and said that Yahoo quickly worked to protect user accounts and contact law enforcement.

The digital diva — who left the helm of Yahoo earlier this year after it was acquired by Verizon — was forced to testify with a subpoena after she refused several requests to testify voluntarily, according to a Tuesday report. A Mayer spokesperson said Tuesday she was appearing voluntarily.

 

“As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Mayer told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax and a senior Verizon Communication executive.

“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data.”

Nevertheless, Yahoo still does not fully understand “how the act was perpetrated,” Mayer admitted.

Mayer noted that after Yahoo discovered the first hacks in late 2016, Yahoo required all of its users to change their passwords if they hadn’t, and scrapped old security questions.

Verizon acquired most of Yahoo’s assets in June, the same month Mayer stepped down. Verizon disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December.

In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, the first time the US government has criminally charged Russian spies for cyber crimes.

The cyber thieves — identified by Mayer as Russian intelligence officers and state-sponsored actors — did not get their hands on “passwords in clear text, payment card data, or bank account information,” Yahoo said at the time.

Mayer testified along with interim Equifax CEO Paulino do Rego Barros Jr. and former Equifax CEO Richard Smith, as well as Verizon’s chief privacy officer Karen Zacharia and Entrust Datacard CEO Todd Wilkinson.

In September, Equifax revealed that hackers had stolen the personal information of over 140 million US consumers from its website.

This story originally appeared in the New York Post.