EX-YAHOO CEO Marissa Mayer has said that the firm still has no idea how it fell victim to two major data breaches.
Mayer on Wednesday reluctantly testified before the Committee on Commerce, Science, and Transportation about the two mega-breaches that whacked Yahoo in 2013 and 2014, and according to reports, the Committee had to threaten Mayer with a subpoena in order to get her to appear.
“As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information,” Mayer said. “As CEO, these thefts occurred during my tenure, and I want to sincerely apologise to each and every one of our users.”
The attacks took place in August 2013, but Yahoo only found out it had been hacked when police showed the company files that had been stolen from its servers.
The firm also failed to recognise that three billion user accounts – not 500 million as first reported – were compromised in the breaches. When quizzed as to how this went unnoticed, Mayer admitted that the specifics of the attack still remain unknown.
“To this day we have not been able to identify the intrusion that led to this theft,” Mayer said. “We don’t exactly understand how the act was perpetrated. That certainly led to some of the areas where we had gaps of information.”
Rather than placing the blame on Yahoo’s lacklustre security measures, Mayer went on to say that Russian hackers were to blame for at least one of the two intrusions, noting that “there was little anyone could do about a state-sponsored attack.”
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data,” she said.
“Yahoo worked closely with law enforcement, including the Federal Bureau of Investigation, who were ultimately able to identify and expose the hackers responsible for the attacks.
“We now know that Russian intelligence officers and state-sponsored hackers were responsible for highly complex and sophisticated attacks on Yahoo’s systems.”
Earlier this year, the Department of Justice formally charged two Russian spies and two criminal hackers for the 2014 Yahoo breach, marking the first US criminal cyber charges against the Russian government. µ
Source : Inquirer