Former CEO at Yahoo Marissa Mayer admitted to a congressional committee on Wednesday that Yahoo still does not know how computer hackers were able to compromise information of billions of users on the Internet pioneer’s site.
In her opening statement before the Senate Commerce Committee, Mayer made an apology to the users of Yahoo, blamed the breach on Russian agents and said Yahoo worked quickly to protect the accounts of users and reach out to law enforcement.
Mayer testified before the committee with Paulino do Rego Barros Jr. the interim CEO at Equifax, and former CEO at Equifax Richard Smith, along with chief privacy officer with Verizon Karen Zacharia and CEO at Entrust Datacard Todd Wilkinson.
The former Yahoo CEO, who left the company earlier in 2017 after Verizon acquired it, had refused to testify following several requests, but was forced to after being subpoenaed. A spokesperson for Mayer said on Tuesday she appeared voluntarily.
Mayer told members of the Senate committee that as the CEO the thefts occurred during her tenure, and she wanted to apologize to every Yahoo user.
She added that unfortunately while all measures used by Yahoo helped defended it against the many different attacks from both state-sponsored and private hackers, Russian agents successfully breached the systems and stole data of Yahoo users.
Mayer added that Yahoo still is not fully aware of how the hack was perpetrated.
Mayer did note that after Yahoo had discovered the first hacks during late 2016, it required that all its users change their user passwords if they had not and scrapped all the old security questions.
In June, most of the assets at Yahoo were acquired by Verizon, the same month in which Mayer resigned. Verizon disclosed in October that a data breach at Yahoo in 2013 affected all of the 3 billion accounts, and not the estimated 1 billion that Yahoo had disclosed during December of 2016.
Back in March of this year, two intelligence agents from Russia were charged by federal prosecutors along with a pair of hackers for the masterminding of the theft in 2014 of 500 million accounts on Yahoo, which was the first time the government in the U.S. criminally charged spies from Russian for cybercrimes.
The cyber criminals that Mayer identified as intelligence officers and actors that were state-sponsored from Russia did not find passwords that were in clear text, data from payment cards, or information about bank accounts, said Yahoo when the breaches were discovered.