The Yahoo Mail hacks were two of the biggest security breaches in internet history, and Yahoo’s CEO, Marissa Mayer, is now paying the price – in millions of dollars. Yahoo’s head lawyer, Ronald (Ron) Bell, is also paying the price of the hack, and will be leaving the company. Mayer announced she would forgo her annual bonus, worth $2 million, in an unlikely location – her tumblr blog.
According to an internal review performed at Yahoo, as Business Insider reports, Marissa Mayer and her management team were too slow to react to the first breach, while the legal department, headed by Ron Bell, did not look deep enough into the breach, which in turn led to the incident not being properly investigated until two years later.
The first Yahoo Mail hack, which occurred in 2014, resulted in 500 million affected user accounts, of Yahoo’s email service and other services. Email addresses, birth dates, security questions, and other personal information were all presumably stolen by the hackers. According to the evidence collected by an internal Yahoo security team, the hackers were backed by an unnamed foreign government.
Despite evidence of the breach, back in 2014 Yahoo only notified 26 users which were thought to have been specifically targeted by the hack, and failed to investigate the matter further. It was only in September 2016, that Yahoo disclosed the hack publicly, and began notifying the 500 million estimated affected users. The internal committee set to investigate Yahoo’s reaction to the hack, published its results on Wednesday.
“The Committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it. As a result, the 2014 Security Incident was not properly investigated and analyzed at the time, and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident.”
Three months after the public disclosure of the first Yahoo Mail hack, Marissa Mayer and her team had to inform the public of another, separate breach, which occurred in 2013. The second hack is believed to have affected as much as one billion users, and was investigated by the FBI.
Problems weren’t over for Yahoo and Marissa Mayer, however, as only this month Yahoo issued another hack warning to Yahoo Mail users, as reported on The Telegraph. According to the warning, hackers may have been able to access users’ accounts even without knowing their passwords, by using “forged cookies”. This was possible after the hackers managed to steal Yahoo’s source code, and based on Yahoo’s investigation, the hacking took place during 2015 and 2016.
Marissa Mayer, the 41-year-old president and CEO of Yahoo (not to be confused with Marissa Meyer, who is an American novelist), has been with the company since 2012. Before joining Yahoo, Mayer worked at Google – she joined the company in 1999, and was Google’s first female engineer. Her last position at Google was head of “Local, Maps, and Location Services.”
Marissa Mayer’s net worth is estimated at $300 million, and her annual salary is $1 million. Her annual bonus is $2 million, though its exact amount it tied to Yahoo’s performance goals.
Marissa Mayer maintains a blog on tumblr (a social network and micro-blogging site which Yahoo bought in 2013), and following the publication of Yahoo’s internal review of the hacking on Wednesday, she posted a personal update on her tumblr blog. In her update, Mayer announced that she would forgo her annual bonus, as well as relinquish an annual stock award – both worth millions of dollars. Mayer also asked the Yahoo board to distribute her bonus among all Yahoo employees.
“As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted. When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies.
However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”
With hundreds of millions Yahoo Mail users affected by the hacks and millions more who use other Yahoo services, these breaches have left a dark cloud over the company. Later this year, Yahoo’s internet business is due to be acquired by Verizon in a $4.48 billion deal, and will hopefully face a brighter future.
[Featured Image by Ethan Miller/Getty Images]