Marissa Mayer will give up annual equity, bonus due to security breaches

Nick Sanchez
March 4, 2017

"In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password", Yahoo explained.

An update regarding the internal, independent board committee investigation of two massive Yahoo hacks, released yesterday along with a 10-K financial filing for the company for 2016, reveal a little more about who knew what and when concerning data breaches. According to the filed documents, the affected cookies have since been invalidated.

Yahoo CEO Marissa Mayer is among the highest paid CEOs.

Yahoo began warning some customers in mid-February that state-sponsored attackers had accessed their accounts by using the sophisticated cookie forging attack.

The chief exec is doing so as a tacit admission of failure following Yahoo's two separate security breaches revealed previous year that collectively compromised the personal information of more than 1.5 billion users.

The filing by the company, which concluded the investigation, avoided the naming of individuals responsible for the security woes at Yahoo, and left a number of questions still unanswered. She has also offered to forgo any annual equity award this year as the breaches occurred during her tenure, Yahoo added. According to the SEC filling, "In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company's account management tool".

Twenty-six Yahoo users had been particularly targeted by hackers, and were notified, as was law enforcement, Yahoo said. The company went on to say unnamed senior executives failed to grasp the extent of the breach early enough.

The forged cookies have since been invalidated by the company so they can not be used to access user accounts, Yahoo said on Wednesday.

VijayaGadde, Twitter's Head of Legal Affairs said that he has little to no knowledge about Yahoo's breach, but he knew that lawyers are very easily blamed for everything.

Mayer, a former Google executive, said she would voluntarily turn down her annual bonus and equity grants for 2017 as a result of the incidents.

Yahoo's general counsel, Ronald Bell, resigned without severance pay for his department's lackadaisical response to the security lapses.

Yahoo revealed a year ago that it suffered two security breaches, one in 2014 and one in 2013, that compromised info like names, email addresses, telephone numbers, and cashed passwords.

Last month, Verizon Communications, which is in the process of buying Yahoo's core assets, lowered its original offer by US$350 million (S$494 million) to US$4.48 billion.

Other reports by Ligue1talk

Discuss This Article