Yahoo failed to prioritize security: report

Yahoo failed to prioritize security: report
© Getty Images

Yahoo failed to provide resources to its security team and implement steps to protect users' data in recent years, according to a new report from The New York Times on Wednesday.

The report is adding to scrutiny of the tech giant's practices less than a week after Yahoo confirmed that the login information for 500 million users had been stolen.

The Times reported that CEO Marissa Mayer, the former Google executive brought on to turn Yahoo around, opted not to pursue certain security solutions. That included a mandatory password reset for all users, according to the report, because that could have hurt Yahoo’s core email business.

Yahoo said in a statement that it had invested heavily in security in recent years.

"Today’s security landscape is complex and ever-evolving, but, at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure," a spokesperson said in a statement.

The report comes as Washington and Silicon Valley grapple with the Yahoo breach. The company has said that an unnamed state actor was behind the theft of at least 500 million users’ credentials in 2014 that it discovered this summer.

Lawmakers have expressed frustration with Yahoo’s seemingly delayed disclosure, both to consumers and to telecommunications giant Verizon, which agreed to purchase the web firm before it was informed of the breach.

“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” wrote Sen. Mark WarnerMark Robert WarnerWray defends FBI after 'sobering' watchdog report Top Dems: IG report shows Comey's actions helped Trump win election Dem senator: Trump at G-7 made me ‘embarrassed for our country’ MORE (D-Va.) to the Securities and Exchange Commission, while requesting an investigation. “The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”

Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneTrump plan to claw back billion in spending in peril McConnell: Mueller 'ought to wrap it up' Graham jokes about Corker: GOP would have to be organized to be a cult MORE (R-S.D.) echoed concerns about the way Yahoo disclosed the breach when speaking with reporters on Tuesday.

“Well, I think the fact that it took so long for it to get disclosed is problematic,” he said. “If there are folks who want to look into it I’m certainly not adverse to that.”

Six Senate Democrats on Tuesday also asked Mayer questions about the hack, including when the company first realized it had been breached.

— This story was updated at 11:17 a.m.