Just last week, Yahoo fell victim to what could be the biggest data breach in the digital era. Over 500 million Yahoo accounts have been compromised by hackers, according to emerging reports.
Yahoo confirmed certain user account information — including names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers — was stolen from the company’s network in late 2014. The firm has also confirmed that effected users have been notified that they should change their passwords — preferably two years ago if they have a time machine on hand.
According to The New York Times, years ago, Yahoo missed an opportunity to invest in the type of security defenses needed to protect its systems from increasingly sophisticated hackers.
Yahoo employees said that security was just one of the competing priorities Marissa Mayer was faced with when she took over as CEO back in 2012.
The company’s security team, internally referred to as the “Paranoids,” was often known to clash with other parts of the business about security-related costs, and its requests would be overlooked due to concerns about the inconvenience of increased protection.
Sen. Mark Warner (D-VA) is pointing the finger at Yahoo for the breach taking place, arguing that the Securities and Exchange Commission should open an investigation after the revelations about the data breach last week.
Warner penned a letter to SEC Chair Mary Jo White that the SEC should be looking into Yahoo’s conduct as to how properly it informed investors when and after the incident occurred.
Mayer was reportedly not quick to announce that 500 million accounts had been compromised in the 2014 breach. Apparently, she’d known about it as early as July, according to Warner, who is also the cofounder of the Senate Cybersecurity Caucus. Warner believes Yahoo failed to give timely notification to Verizon Communications Inc. Earlier this year, Verizon announced interest in acquiring Yahoo’s core assets.