Yahoo CEO Marissa Mayer rejected a proposed automatic reset of all Yahoo user passwords in the wake of a major cyber attack, because she feared it would scare away users, a new report claims.
It has been revealed that in 2014, more than 500 million Yahoo users’ accounts were hacked and their login details compromised, in what is believed to be the biggest security breach of all time.
The Financial Times cites unnamed sources close to Yahoo who claim that Mayer knew of the hack back in July but rejected the idea of sending out an automatic email telling users to immediately update their password – a move which is standard practice whenever a company suspects its security has been breached.
A separate report in the New York Times claims Mayer rejected the proposal because she was worried it would scare users away in favour of rival services.
It was also claimed that under Mayer’s leadership, security against hackers “took a backseat” at Yahoo and that she would often clash with the security team over the company’s spending on security matters.
In 2010, Yahoo, Google and other major tech firms were the victims of a major security breach from what were believed to be Chinese state hackers.
Following the attack, Google promised “never again” and invested heavily in security, adding hundreds of engineers and programmers to its security team.
They also introduced a bug bounty programme, whereby ‘white hat’ hackers are paid to find holes in Google’s security – Facebook has a similar program.
Yet it took Yahoo another three years to start its own bug bounty program.
On Tuesday, six senior US senators demanded that Yahoo explain why the security breach which resulted in the theft of more than 500 million user accounts took two years to come to light and called the company’s handling of the breach “unacceptable”.