Yahoo's Marissa Mayer gives up her 2017 bonus

Nick Sanchez
March 5, 2017

Yahoo did not disclose the 2014 breach until last September when it began notifying at least 500 million users that their email addresses, birth dates, answers to security questions, and other personal information may have been stolen.

"In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the company's account management tool", Yahoo said in the filing.

Based on its investigation, the Independent Committee concluded that the Company's information security team had contemporaneous knowledge of the 2014 compromise of user accounts, as well as incidents by the same attacker involving cookie forging in 2015 and 2016.

"As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted", she said. "The forged cookies have been invalidated by the Company so they can not be used to access user accounts", Yahoo added.

Yahoo's top lawyer has resigned and CEO Marissa Mayer was docked of her 2016 bonus following an internal investigation into the company's handling of massive hacks it experienced in 2014. The revelations about the data breaches jeopardized the deal, but on February 21 the two firms announced they would go ahead with the sale, for $4.48 billion, with Verizon getting a $350 million discount as a result of the hacking scandal. As of Aug 25, 2016, Ms Mayer held Yahoo stock options and restricted stock units valued at US$86.4 million, according to a company SEC filing.

Yahoo unveiled two major hacks a year ago, with one affecting 500 million people and another impacting 1 billion. Yahoo also said that General Counsel Ronald Bell was resigning effective immediately and that no payments were being made in connection with his departure.

Another breach in 2013 was much larger and affected more than a billion accounts. Verizon Communications Inc lowered its original offer to buy Yahoo Inc's core business by $350 million following the two cyber attacks.

In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. The deal is expected to close by the end of June.

Mayer wrote in a Tumblr post on Wednesday that she would give up the compensation because the security breach occurred on her watch.

With the committee's findings in hand, the Yahoo board decided not to award Mayer any 2016 bonus.

Last week, a price cut kept Verizon on track to complete the purchase of Yahoo's internet business and share the costs from a pair of epic hacks that had threatened to derail the deal.

Other reports by Ligue1talk

Discuss This Article