The size of the 2013 hack on Yahoo was incredible. After initially announcing that one billion users had been affected, the company later admitted that every one of its 3 billion+ accounts had been compromised, making it one of the biggest tech fails of the last decade. Four years after the incident, former CEO Marissa Mayer has apologized and said the details are still a mystery.
Speaking before the Senate Commerce Committee after being subpoenaed last month—she had previously denied multiple requests to testify—Mayer said: “As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information. As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users.”
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data.”
Mayer stepped down from her position as Yahoo CEO just after the company was acquired by Verizon in June. Last month, it was revealed that every Yahoo account was affected by the 2013 hack. Verizon said it learned the new information after the purchase and disclosed it within a week.
Back in March, the Department of Justice indicted two Russian intelligence agency officers, along with two others, in connection to a 2014 cyberattack on Yahoo that compromised 500 million of its accounts. Mayer has said that she doesn’t know if Russian operatives were also behind the 2013 hack.
Exactly how the attacks were carried out is still unknown. “To this day we have not been able to identify the intrusion that led to this theft,” Mayer said. “We don’t exactly understand how the act was perpetrated. That certainly led to some of the areas where we had gaps of information.” Yahoo did not know about the breaches until US agencies presented it with evidence in November 2016.