Yahoo failed to prioritize security: report

Yahoo failed to prioritize security: report
© Getty Images

Yahoo failed to provide resources to its security team and implement steps to protect users' data in recent years, according to a new report from The New York Times on Wednesday.

The report is adding to scrutiny of the tech giant's practices less than a week after Yahoo confirmed that the login information for 500 million users had been stolen.

The Times reported that CEO Marissa Mayer, the former Google executive brought on to turn Yahoo around, opted not to pursue certain security solutions. That included a mandatory password reset for all users, according to the report, because that could have hurt Yahoo’s core email business.

ADVERTISEMENT
Yahoo said in a statement that it had invested heavily in security in recent years.

"Today’s security landscape is complex and ever-evolving, but, at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure," a spokesperson said in a statement.

The report comes as Washington and Silicon Valley grapple with the Yahoo breach. The company has said that an unnamed state actor was behind the theft of at least 500 million users’ credentials in 2014 that it discovered this summer.

Lawmakers have expressed frustration with Yahoo’s seemingly delayed disclosure, both to consumers and to telecommunications giant Verizon, which agreed to purchase the web firm before it was informed of the breach.

“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” wrote Sen. Mark WarnerMark Robert WarnerTech beefs up lobbying amid Russia scrutiny Overnight Tech: Senate Dems want FCC chief recused from Sinclair merger | Tech rallies on Capitol Hill for DACA | Facebook beefs up lobbying ranks Facebook adds two lobbyists amid Russia probe MORE (D-Va.) to the Securities and Exchange Commission, while requesting an investigation. “The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”

Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneSenate panel approves GOP tax plan Republicans see rising Dem odds in Alabama Overnight Health Care: Nearly 1.5M sign up for ObamaCare so far | Schumer says Dems won't back ObamaCare deal if it's tied to tax bill | House passes fix to measure letting Pentagon approve medical treatments MORE (R-S.D.) echoed concerns about the way Yahoo disclosed the breach when speaking with reporters on Tuesday.

“Well, I think the fact that it took so long for it to get disclosed is problematic,” he said. “If there are folks who want to look into it I’m certainly not adverse to that.”

Six Senate Democrats on Tuesday also asked Mayer questions about the hack, including when the company first realized it had been breached.

— This story was updated at 11:17 a.m.