Yahoo's Marissa Mayer Gets Reprieve From Hacking Criticism -- Update
March 17 2017 - 1:43PM
Dow Jones News
By Deepa Seetharaman
Federal officials this week heaped praise on Yahoo Inc. Chief
Executive Marissa Mayer for the company's cooperation in an
investigation of the hacking of hundreds of millions of the site's
accounts.
It was rare recognition for Ms. Mayer, who came under increasing
pressure with each additional disclosure about the 2014 security
breach since she made it public last September.
The Justice Department and the Federal Bureau of Investigation
on Wednesday accused the Russian government of facilitating the
attack -- and said the hackers were able to use the information
they stole until last December, more than two years after the
initial breach occurred.
FBI Special Agent Jack Bennett of the bureau's San Francisco
division on Wednesday praised Ms. Mayer's "great leadership and
courage while under intense pressure from many entities." Federal
officials didn't fault Yahoo for the attack, and instead positioned
the company as a "victim" in an "unfair fight" against
state-sponsored hackers.
The Yahoo case provided the Justice Department with a clear
illustration of the benefits to companies of cooperating with law
enforcement in investigating cyberbreaches. The government's
reaction this week shows it won't necessarily fault the company
itself for the breach, said officials and cybersecurity
experts.
"You'd be amazed by the number of companies whose first instinct
is to duck and cover," said Michael Sulmeyer, director of the Cyber
Security Project at the Harvard Kennedy School of Government.
Law-enforcement officials have spent years trying to encourage
companies to report cyberbreaches to the government and assuage
their concerns that they will lose control of their data and the
investigation if they invite law enforcement in, said Luke
Dembosky, a lawyer at Debevoise & Plimpton who when he was a
national-security prosecutor supervised the investigation into a
hack against Sony Pictures Entertainment.
Yahoo's board of directors was less forgiving than the Justice
Department. Earlier this month, directors cut Ms. Mayer's pay after
an independent review found "failures in communication, management,
inquiry and internal reporting contributed to the lack of proper
comprehension and handling of the 2014 security incident."
"Here's the reality: They didn't have proper security protocols
in place when they get alarms going off when unusual things
happen," said Hemanshu Nigam, chief executive of SSP Blue, a
security consulting firm. There was "no consistent attack and
penetration testing to see what the weaknesses might be," he
said.
In a statement, a Yahoo spokesman said the company has worked
continuously to pre-empt security threats to its users. "We have
invested more than $250 million in security initiatives across the
company since 2012," the spokesman said. "We routinely conduct red
team exercises, where we adopt the tools and methods of adversaries
to test and improve our defenses."
The 2014 hack, and another in 2013 that affected more than one
billion accounts, forced Yahoo back to the negotiating table with
Verizon Communications Inc., to whom the company had agreed to sell
itself weeks before disclosing the 2014 attacks. Yahoo agreed last
month to slash $350 million from its sale price of $4.83 billion to
account for the hacks.
The revelation in September of the hack was short on details,
reporting that 500 million accounts had been compromised by a
state-sponsored hacker in 2014.
The indictment shows that Russian hackers frequently accessed
accounts and did so as late as June 2016, one month before Yahoo
started probing online offers by hackers of access to what they
billed as a cache of 280 million Yahoo usernames and passwords. The
hackers continued to use information they stole from Yahoo until
December, three months after Yahoo disclosed that half a million
accounts were compromised in 2014.
The hackers also used the stolen information to unleash spam
campaigns and manipulate search results.
Yahoo's board said it wouldn't award Ms. Mayer her 2016 cash
bonus, and accepted her offer to forgo her 2017 equity awards. The
review also triggered the resignation of Yahoo's top lawyer, Ronald
Bell. The board directed Yahoo to beef up its cybersecurity
measures.
--Aruna Viswanatha and Robert McMillan contributed to this
article.
Write to Deepa Seetharaman at Deepa.Seetharaman@wsj.com
(END) Dow Jones Newswires
March 17, 2017 14:28 ET (18:28 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Altaba (NASDAQ:AABA)
Historical Stock Chart
From Mar 2024 to Apr 2024
Altaba (NASDAQ:AABA)
Historical Stock Chart
From Apr 2023 to Apr 2024