Yahoo failed to prioritize security: report

Yahoo failed to prioritize security: report
© Getty Images

Yahoo failed to provide resources to its security team and implement steps to protect users' data in recent years, according to a new report from The New York Times on Wednesday.

The report is adding to scrutiny of the tech giant's practices less than a week after Yahoo confirmed that the login information for 500 million users had been stolen.

The Times reported that CEO Marissa Mayer, the former Google executive brought on to turn Yahoo around, opted not to pursue certain security solutions. That included a mandatory password reset for all users, according to the report, because that could have hurt Yahoo’s core email business.


Yahoo said in a statement that it had invested heavily in security in recent years.

"Today’s security landscape is complex and ever-evolving, but, at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure," a spokesperson said in a statement.

The report comes as Washington and Silicon Valley grapple with the Yahoo breach. The company has said that an unnamed state actor was behind the theft of at least 500 million users’ credentials in 2014 that it discovered this summer.

Lawmakers have expressed frustration with Yahoo’s seemingly delayed disclosure, both to consumers and to telecommunications giant Verizon, which agreed to purchase the web firm before it was informed of the breach.

“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” wrote Sen. Mark WarnerMark Robert WarnerRussia docs order sets Trump on collision with intel community Hillicon Valley: North Korean IT firm hit with sanctions | Zuckerberg says Facebook better prepared for midterms | Big win for privacy advocates in Europe | Bezos launches B fund to help children, homeless Bipartisan trio asks US intelligence to investigate ‘deepfakes’ MORE (D-Va.) to the Securities and Exchange Commission, while requesting an investigation. “The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”

Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneWant to improve health care? Get Americans off of their couches More Dems want focus on job creation than wage growth Google, Apple, Amazon execs to testify at Senate privacy hearing this month MORE (R-S.D.) echoed concerns about the way Yahoo disclosed the breach when speaking with reporters on Tuesday.

“Well, I think the fact that it took so long for it to get disclosed is problematic,” he said. “If there are folks who want to look into it I’m certainly not adverse to that.”

Six Senate Democrats on Tuesday also asked Mayer questions about the hack, including when the company first realized it had been breached.

— This story was updated at 11:17 a.m.