21 October 2018
Yahoo CEO Marissa Mayer acknowledged that the security breaches occurred during her tenure. Photo: Bloomberg
Yahoo CEO Marissa Mayer acknowledged that the security breaches occurred during her tenure. Photo: Bloomberg

Yahoo CEO loses millions in bonuses over security breaches

Yahoo Inc. chief executive Marissa Mayer is giving up her US$2 million annual bonus and annual stock award worth millions of dollars in a virtual admission of her responsibility in the security breaches that exposed the personal information of 1.3 billion users.

The company revealed last year that it suffered two security breaches, one in 2014 and one in 2013, that compromised the information of its users, including names, email addresses, telephone numbers, and cached passwords, the technology news website The Verge reports.

While the breaches did not compromise users’ financial information, they affected Yahoo’s acquisition talks with Verizon, which negotiated to pay US$350 million less than the original amount of US$4.8 billion for the deal, the report said.

In a blog post on Yahoo’s Tumblr service, Mayer said she did not learn about the scope of the breaches until September and then tried to set things right, the Associated Press said.

“However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant,” Mayer wrote.

Mayer, whose management team was found by an internal review to have reacted too slowly to one breach in 2014, said on Wednesday she wanted the board to distribute her bonus to Yahoo’s entire workforce of 8,500 employees, AP said. The board did not say if it would do so.

Mayer has accumulated about US$162 million during her the five years she has spent as the company’s CEO in both salary and stock awards, according to CNN.

She’s also due about US$55 million in severance if she decides to leave the company following its acquisition by Verizon.

Yahoo on Wednesday said about 32 million user accounts were accessed by intruders in the last two years using forged cookies, Reuters reported.

The company said some of the latest intrusions can be connected to the “same state-sponsored actor believed to be responsible for the 2014 breach”, in which at least 500 million accounts were affected.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo said in its latest annual filing.

These cookies have been invalidated so they cannot be used to access user accounts, the company said.

Forged cookies allow an intruder to access a user’s account without a password.

– Contact us at [email protected]


EJI Weekly Newsletter

Please click here to unsubscribe