When ironed about how Yahoo failed to realize that 3 billion accounts and not 500 million as first proclaimed were endangered in what was later revealed to be a state-sponsored attack by Russia, former Yahoo CEO Marissa Mayer indicated that the specifics of the attack still remain unknown.
“To this day we have not been able to recognize the intrusion that led to this theft,” Mayer told the Senate Commerce Committee. “We don’t exactly agree how the act was perpetrated. That certainly led to some of the areas where we had gaps in data.”
Notably, while Mayer is no longer with the business, Verizon Chief Privacy Officer Karen Zacharia, also being on the panel, did not chime in to disagree with that assessment.
Yahoo did not see that it had been compromised in 2013 and 2014 until third-party evidence of the hack was given to the company by law enforcement in 2016. Yahoo then started working with the Department of Justice and the FBI, and the agencies inferred that in 2014 the company was a victim of a massive Russian state-sponsored attack for which it was in no way qualified.
“Yahoo served closely with law enforcement, including the Federal Bureau of Investigation, who was ultimately able to identify and detect the hackers responsible for the attacks,” Mayer said in her testimony. “We now acknowledge that Russian intelligence officers and state-sponsored hackers were tied for highly complex and advanced attacks on Yahoo’s systems.”
According to Zacharia, Verizon received new details on the hack after it obtained Yahoo in June of 2017. The new parent corporation acted within a week to publish the vastly widened scope of the attack, which tripled to 3 billion affected users.