Yahoo Reveals New Details of Major 2013-2016 Security Breaches

Following an independent committee investigation into a series of major security breaches affecting more than 1 billion user accounts, Yahoo CEO Marissa Mayer will lose out on a cash bonus and an equity award reportedly worth around $14 million.

The committee's findings, outlined in a company filing yesterday with the Securities and Exchange Commission (SEC), also prompted the resignation of Yahoo general counsel and secretary Ronald Bell.

Yahoo's 10-K annual report revealed additional details about the committee's investigation into the theft of account information in 2013 and 2014 that affected 1 billion and 500 million user accounts, respectively. The company also reported that an unauthorized third party created forged cookies in 2015 and 2016 that could have enabled password-free access to some 32 million user accounts.

Both the 2014 breach and the later cookie-forging incident are believed to be the responsibility of the same, unidentified state-sponsored actor, investigators have concluded.

Years of Breaches, Declining Fortunes

Yesterday's SEC filing was the latest chapter in the years-long saga of Yahoo's declining fortunes. Once valued at more than $44 billion, the company is soon set to be acquired by Verizon for $4.48 billion, which reflects a recent $350 million price cut due to Yahoo's serious security problems over the past few years.

The committee and outside forensics experts brought in to investigate the three large security breaches that occurred between 2013 and 2016 concluded that Yahoo's information security team had "contemporaneous knowledge" about the incidents in 2014, 2015 and 2016, according to the SEC filing. Senior executives and legal staff also knew of the breaches but "failed to act sufficiently" on that knowledge, the committee noted.

In response, Yahoo's board of directors said it would not award Mayer an expected 2016 cash bonus. Mayer also offered to forgo any 2017 equity award funds as the...

Comments are closed.