
Former Yahoo CEO Marissa Mayer Apologizes For Data Breach, Blames Russians (reuters.com) 212

Former Yahoo chief executive officer Marissa Mayer apologized today for a pair of massive data breaches at Yahoo and blamed Russian agents on the growing number of incidents involving major U.S. companies. A reader shares a report: "As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users," she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax and a senior Verizon Communications executive. "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."

  • by OffTheLip ( 636691 ) on Wednesday November 08, 2017 @11:04AM (#55513643)
    blame Russia. I sense a pattern here.
  • by Jerry ( 6400 ) on Wednesday November 08, 2017 @11:04AM (#55513647)

    losers blaming Russians for their own incompetency.

    • Re: (Score:2, Funny)

      by guacamole ( 24270 )

      Thanks Obama!

    • so right. The tone of the transcript is "yeah - we really had no chance against those big bad Russian guys. We kept everyone else out...but not those guys " Russia is hacking everything in sight - gosh none of us stand a chance.

      Plus - it's a diversion. "ignore the man behind the curtain" -- "look! Squirrel... and Moose too" Pin it on that Russian voter thing - ignore Yahoo. Look at that other guy.

  • RUSSIA (Score:5, Insightful)

    by amiga3D ( 567632 ) on Wednesday November 08, 2017 @11:05AM (#55513653)

    It's always a good idea to blame others for your incompetence. If it wasn't the RUSSIANS it'd be the CHINESE or the INDIANS or some other nation. Cyberspace is like the wild west. Strap on a six shooter and defend yourself.

    • Re:RUSSIA (Score:5, Insightful)

      by bluefoxlucid ( 723572 ) on Wednesday November 08, 2017 @11:43AM (#55513939) Homepage Journal

      That's the thing: as a project manager, I look at things we would do differently next time. Factors outside our control are explanations, but not excuses.

      It's kind of annoying that, as a Democrat aligned with the Democratic party philosophies, I have to keep pointing out that Hillary wrote a whole god damned book about why she lost the 2016 election--and blamed everyone else. H.R. McMaster had written a book called "Dereliction of Duty" for which he was criticized in reviews because he didn't address the superior strategy and military power of the Vietcong; yet he did exactly what he should have done: he addressed everything the American administration did wrong, because we can't expect the Vietcong to play along nicely in the war.

      Yes, the Russians are coming to hack you. Yes, that's going to cause an uptick in incidents, regardless of what you do. Now harden up and figure out how you're going to keep this shit to a minimum, because that's your job, and it's the only thing you have control over.

      • Re:RUSSIA (Score:5, Interesting)

        by ctilsie242 ( 4841247 ) on Wednesday November 08, 2017 @11:59AM (#55514029)

        A car example of this would be someone who leaves their keys in an unlocked vehicle. First, someone from Lower Elbonia steals the car. Then, someone from Latveria. Then, someone from Cobra Island, and then someone from the Greater East Asia Co-Prosperity Sphere. Yes, one can blame these countries, but there is also the issue that anyone from anywhere could see the car keys and want to go for a ride.

        There comes a point where, yes, a theft is a theft, but there needs to be some culpability in failing to secure things. At least Europe is taking steps to break the "security has no ROI" cycle with the GDPR. It is not perfect, but losing 4% of total earnings is a pretty big incentive to actually spend some on basic security design [1]. Security isn't rocket science. Good security practices have been around since the Cold War era, and OPSEC practices have been around since people started trying to kill each other in groups.

        Good security can be done. It is just bothering to spend the resources to do so.

        [1]: For example, it isn't hard to secure a database. I've seen a startup use transparent encryption through a HSM to ensure that an intruder isn't going to be able to dump the DB and make off with the goodies. If those guys could do it, a well-heeled company can easily implement this, plus many other defense in depth measures. To secure AD, it isn't hard to set up policies requiring 20+ characters for service accounts, and a short (3-5 minutes) lockout period for user accounts, coupled with a real time monitoring system to catch brute force attempts.
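
The real-time monitoring that the footnote above pairs with a short lockout period, sketched as an added example (not part of the original comment). The thresholds, account names, addresses and the normalised one-line event format are assumptions; 4625 and 4740 are the Windows Security log ids for a failed logon and an account lockout.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; derive them from the real lockout policy.
LOCKOUT_DURATION = timedelta(minutes=5)   # the short lockout from the comment
REPEAT_WINDOW = 6 * LOCKOUT_DURATION      # look back six lockout periods
REPEAT_LOCKOUTS = 3                       # lockouts per account that raise an alert
SPRAY_WINDOW = timedelta(minutes=5)
SPRAY_ACCOUNTS = 4                        # distinct accounts failed from one source

# Constructed, normalised sample events: time, event id, account, source.
# 4625 = failed logon, 4740 = account locked out (Windows Security log ids).
SAMPLE = """\
2017-11-08T11:00:01 4625 svc_backup 10.0.0.50
2017-11-08T11:00:10 4740 svc_backup 10.0.0.50
2017-11-08T11:05:20 4625 svc_backup 10.0.0.50
2017-11-08T11:05:30 4740 svc_backup 10.0.0.50
2017-11-08T11:10:50 4625 svc_backup 10.0.0.50
2017-11-08T11:11:00 4740 svc_backup 10.0.0.50
2017-11-08T11:20:00 4625 alice 10.0.0.77
2017-11-08T11:20:20 4625 bob 10.0.0.77
2017-11-08T11:20:40 4625 carol 10.0.0.77
2017-11-08T11:21:00 4625 dave 10.0.0.77
2017-11-08T11:30:00 4625 erin 10.0.0.12
2017-11-08T11:30:30 4625 erin 10.0.0.12
"""


def parse(text):
    """Turn 'time id account source' lines into sortable tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, source = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), account, source))
    return events


def detect(events):
    """Return (kind, subject, time) alerts, one per kind and subject."""
    lockouts = defaultdict(deque)   # account -> lockout times in REPEAT_WINDOW
    failures = defaultdict(deque)   # source  -> (time, account) in SPRAY_WINDOW
    seen, alerts = set(), []

    def raise_once(kind, subject, ts):
        if (kind, subject) not in seen:
            seen.add((kind, subject))
            alerts.append((kind, subject, ts))

    for ts, event_id, account, source in sorted(events):
        if event_id == 4740:
            # An account that keeps re-locking is being guessed at the pace the
            # lockout allows, which a single lockout event never shows.
            q = lockouts[account]
            q.append(ts)
            while ts - q[0] > REPEAT_WINDOW:
                q.popleft()
            if len(q) >= REPEAT_LOCKOUTS:
                raise_once("repeat_lockout", account, ts)
        elif event_id == 4625:
            # One source failing against many accounts stays under every
            # per-account lockout threshold, so count distinct accounts.
            q = failures[source]
            q.append((ts, account))
            while ts - q[0][0] > SPRAY_WINDOW:
                q.popleft()
            if len({name for _, name in q}) >= SPRAY_ACCOUNTS:
                raise_once("spray", source, ts)
    return alerts


if __name__ == "__main__":
    for kind, subject, ts in detect(parse(SAMPLE)):
        print(f"{ts.isoformat()} {kind} {subject}")
```

The two failed logons for `erin` raise nothing, so ordinary mistyped passwords stay below both thresholds.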

      • It's kind of annoying that, as a Democrat aligned with the Democratic party philosophies, I have to keep pointing out that Hillary wrote a whole god damned book about why she lost the 2016 election--and blamed everyone else.

        Not sure how awake you are in this regard, you seem moreso than most, but Hillary is a direct pawn of the Rothschilds, they have an enormous amount of dirt on her and Trump is looking to seize power from their global network of such pawns. Hillary fucked up massively and she's literally in panic-cover-her-ass-mode because things like the Clinton body count are just what she had access to do, the people above her control the wealth and power of entire small nations to themselves.

        She still deserves to be sh

        • I prefer incompetence to giant conspiracy theories.

          I also prefer the Party as a legally-established entity with a set of declared principles rather than a social club, which is why I'm perfectly-fine pointing to everyone in the party and assaulting their policies, protocol, and general behavior. We could use some new leadership, and not Bernie Sanders--not unless you want a Democratic Party even less fiscally-responsible than the Republicans.

          I wish Sarbanes or some equivalent would pull a 2020 Presiden

      • Nice post.
    • she probably has some actual evidence that the hack originated in Russia. And it probably did. Russia and the old Soviet Bloc countries are full to the brim with out of work software engineers. Didn't you ever wonder why most hacks and quasi-legal software is made over there? China doesn't have this problem because their big manufacturing base absorbs those engineers (and if all else fails the gov't will do make work to keep them from causing trouble).
    • This is even slightly funny when you remember how a number of the NSA documents Snowden leaked talked about how the NSA liked Yahoo for the reason that they didn't really keep their software up to date and thus made hacking them much easier than hacking their competitors.

      Kind of funny how corporate CEOs always characterize their own failures, large or small, the fault of someone else. Makes you wonder if this complete lack of humility and introspection is part of the reason why they've risen to the posit
  • Canada (Score:5, Funny)

    by tsa ( 15680 ) on Wednesday November 08, 2017 @11:07AM (#55513665) Homepage

    What happened to good old Blame Canada?

    • Re:Canada (Score:5, Insightful)

      by Mashiki ( 184564 ) <[mashiki] [at] [gmail.com]> on Wednesday November 08, 2017 @11:13AM (#55513713) Homepage

      It was replaced. First by 4chan, then gamergate, and now Russia. Blaming someone else is the typical cop-out by people who refuse to take responsibility for their actions (or inaction).

      • but if somebody breaks into your house because your door locks were substandard (can happen even if you have nice locks, the more expensive ones are often just that, more expensive) then are you copping-out when you blame them?

        Mind you, Yahoo probably bought the crappiest locks they could get away with but still, that doesn't excuse the crime. As for Russia, I'm assuming Mayer's got some evidence if she's willing to say that in front of the Senate. And it's not at all surprising. There are a lot of out of w
    • >What happened to good old Blame Canada?

      They're not even a real country anyway.

      • >What happened to good old Blame Canada?

        They're not even a real country anyway.

        Oh we're still here. We're just keeping politely quiet while the rest of the world wonders WTF is going on with the U.S.

        • by tsa ( 15680 )

          I also would stay quiet as a mouse with all that shit happening just over the border.

        • >What happened to good old Blame Canada?

          They're not even a real country anyway.

          Oh we're still here. We're just keeping politely quiet while the rest of the world wonders WTF is going on with the U.S.

          Release the Geese!

  • Back in 1984 (Score:5, Insightful)

    by cloud.pt ( 3412475 ) on Wednesday November 08, 2017 @11:10AM (#55513689)

    I love how every single US problem these days is insta-mitigated with "blame the russians".

    • Re:Back in 1984 (Score:5, Informative)

      by thinkwaitfast ( 4150389 ) on Wednesday November 08, 2017 @12:58PM (#55514483)
      I don't even recall this happening during the cold war.
    • I love how every single US problem these days is insta-mitigated with "blame the russians".

      I like how people say everyone is saying all problems are the fault of the Russians.

      I don't know that some Russians messed with Mayer's Yahoo or not, because the security breach was just one facet of her remarkable incompetence.

      But in a matter involving the internet, and with some group performing the breach, it just might be a group based in Russia. Mayer et al might just be able to figure out who was responsible - this is not impossible to do. You do know that I hope. So I give her a fair possibili

      • The US is getting hacked every day by every country. But the only ones you hear about on the news are Russia, China and NK.

        It's very easy to attempt to extrapolate that all attacks are state-sponsored when you are so biased by media and politicians that only attacks from these countries actually exist. It's like something erased from the memory of all (even tech-savvy) Americans the fact that most Internet services and servers are based in the US, and it is an obvious honeypot for everything hack-centric.

        And

        • The US is getting hacked every day by every country. But the only ones you hear about on the news are Russia, China and NK.

          That's so incorrect as to expose some truths about you.

          Ashley Madison, Equifax, Experian, MySpace, Home Depot and many more are not attributed to Russia, China, or North Korea.

          Dmitry Dokuchaev is presumably tied to the Yahoo Breach.

          It's very easy to attempt to extrapolate that all attacks are state-sponsored when you are so biased by media and politicians that only attacks from these countries actually exist.

          But you see, that's all a story in your mind, or one that you are paid to speak about. There are many data breaches. You can read about them here https://www.usatoday.com/story... [usatoday.com]

          I purposely used about as mainstream a source as possible - USA today. Not a breath about R

          • So we're at quote-based Ad hominem and other fallacies now. Good to know where this is going.

            Full disclosure: I'm in research. I'm European. I have 0 geographical bias - I am literally in the middle of the situation. I digest everything from RT to CNN with a grain of salt, even The Guardian, especially wikileaks. But your opinion is already formed so I doubt any of this means anything - according to you, Russia cares so much for controlling outlets, it's even paying me to have an argument here. I want my pay

            • So we're at quote-based Ad hominem and other fallacies now.

              Okay, allow me to attempt to get you off of your tactic of fallacy accusations. In argument simply accusing someone is insufficient, you have to explicitly point out the fallacy and suggest alternative. So instead of statements, I am moving to questions.

              1. Is politically oriented hacking existent or nonexistent?

              2. Is Russian state hacking what is referred to as "Fake News"?

              3. Should Americans have any concern about hacking?

              4. Should Americans and their media simply STFU?

              5. Should America prohibit publ

      • Just adding an observation: Marissa Mayer is using public opinion. It's how every big corp or politician responds to any committee or court hearing that has public access. Why bother with a legal defense that you know will find fault in your work, when you can blame it on the usual suspects, and then the problem is no longer yours by default?

        The only real defense for mediocrity is contrast ©

  • by Anonymous Coward

    If you ever wondered what Marissa Mayer was like at Google, check out "I'm Feeling Lucky: The Confessions of Google Employee Number 59" [amazon.com] by Douglas Edwards.

    • Perhaps someone who has read the book should summarize for us. I don't really feel like ordering the book, waiting for it to arrive, and then wading through 300 pages of what Douglas Edwards's life was like at Google just to find the 2 paragraphs on Marissa Mayer.

  • "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."

    So, while they were successful, they weren't? Or are these supposed "Russian agents" somehow not private or state-sponsored?

    • Could be saying that they had measurable, but not total, success.

    • by Anonymous Coward

      "Everything is different, but the same... things are more moderner than before... bigger, and yet smaller... it's computers... San Dimas High School football rules!"

    • by anegg ( 1390659 )

      Apparently *NO ONE* could be expected to maintain security of their systems in the face of the Russian agent onslaught. (eyeroll)

      This might be true if the hack was a really clever attack (like Stuxnet). Whether or not "it was the Russians" is a meaningful defense can't be judged without knowing whether the attack was met with the relative resistance of putting a finger through wet tissue paper or something more difficult, like stealing the gold from Fort Knox. It is unlikely that Yahoo (or anyone else)

    • by AHuxley ( 892839 )
      If it was a movie with a fictional plot?
      The state-sponsored agents presented to be USA law enforcement, walked on site to upgrade their state-sponsored clone of the US PRISM systems in a different room?
      https://en.wikipedia.org/wiki/... [wikipedia.org]
      Another nation has their own "Room 641A" all over the USA https://en.wikipedia.org/wiki/... [wikipedia.org] ?
      They had nice suits, a real looking badge, knew the code words, the secret handshake and had a real looking gov letter.
  • When we reach a point where Russia is reflexively blamed for every hack or hack attempt, every piece of questionable news, every disagreeable online posting, and every boogeyman in the closet, it's just a matter of time before the mob reaches a true fever pitch and declares the world would be sunshine and unicorns again without Russia.

    And that's when things really start to go sideways.

    • Reds under the beds. Makes me feel nostalgic.

    • When we reach a point where Russia is reflexively blamed for every hack or hack attempt, every piece of questionable news, every disagreeable online posting, and every boogeyman in the closet, it's just a matter of time before the mob reaches a true fever pitch and declares the world would be sunshine and unicorns again without Russia.

      Netcraft confirms this new Slashdot meme, soon to a Beowulf cluster of Russian interference.

  • Hey Marissa (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Wednesday November 08, 2017 @11:20AM (#55513765)

    If you really felt you were at fault, you'd give all those millions of dollars back.

    But it's quite obvious what she's saying is "sorry not sorry" - "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way".

    • by Mitreya ( 579078 )

      "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way"

      So what is missing from that apology is any(!) indication that next time she would invest in proper security. From what I gather, a lot of these issues could be mitigated by having well funded IT security division.

      Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

      Oooh, well, if they took the radical step of requiring users to change passwords, then I guess there is nothing else to be done.

      • So what is missing from that apology is any(!) indication that next time she would invest in proper security. From what I gather, a lot of these issues could be mitigated by having well funded IT security division.

        Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

        I know whatever they implement will be BS, but you completely ruined your argument by following it with them saying exactly what you said they didn't say.

        • by Mitreya ( 579078 )

          Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

          I know whatever they implement will be BS, but you completely ruined your argument by following it with them saying exactly what you said they didn't say.

          I respectfully disagree (although perhaps it should have been stated in my post).
          I think if they did anything concrete (e.g., hired 20 new security analysts), she would proudly say so.
          The quoted sentence clearly indicates that other "steps" taken were on par with asking users to change passwords (e.g., sending out an internal security memo, or requiring IT department to change their passwords too).

  • by EndlessNameless ( 673105 ) on Wednesday November 08, 2017 @11:20AM (#55513767)

    Good luck if you want to hold anyone accountable for any of this. Maybe you have the time and money to slug it out in the courts. Or years to wait for a verdict.

    We have some experience with addressing this. Companies can get slapped pretty hard for violating HIPAA---either for improper disclosure or poor security. However the law was written, it is effective in making them think about security properly. A law by itself doesn't guarantee good conduct across the board, but it certainly helps when there are consequences.

    If any congressman wants to extend HIPAA-level security requirements to any system that handles the personal information of American citizens, he gets my vote automatically. We should have done it 20 years ago. Better late than never.

    Unless there are new rules and new consequences, nothing will change. Wallets and ballots, people.

  • "Because Russians!"

  • by Anonymous Coward

    Let's be honest. She was the politically-correct choice. Most C-level candidates anymore are chosen not for their merit--be that technical chops or business acumen--but because they meet a certain social expectation: they are a woman, black, an open homosexual, or a mix. Whatever happened to hiring highly-qualified business pros that are simply business pros like Marc Benioff, Michael Mahoney, or Jen-Hsun Huang? These men are great CEOs. They get the job done, they are well liked by everyone. Why? Because t

  • How I hate the scum that cannot take responsibility for what they screwed up. These people are the most destructive force in the workplace, no matter what level.

  • Blame Russians!
  • by sqorbit ( 3387991 ) on Wednesday November 08, 2017 @11:30AM (#55513839)
    ...when it's way easier just to blame Russia. Lots of Americans will jump on board with this. Russian hacking is the bad guy, we're the good guys. Now we can all just ignore the fact that US corporations are constantly targets because of horrible security policies and crappy management.
    • by wwphx ( 225607 )
      They also didn't spend money on good code. I've been using Yahoo Mail for years, and whenever it comes up with the "Yahoo Mail logs you out periodically for security purposes", or whatever the stupid message says, you don't have to log back in again 95% of the time. Type mail.yahoo.com and you're back in your mail again without typing in your password.

      Bad design by design.
  • by Anonymous Coward

    Uh, sorry guys. It was the russians who took your money and stuffs. Again, so sorry. Yes, I was paid 30 million when I left, but again, I'm sorry the russians stole your stuffs.

  • Indeed (Score:5, Funny)

    by nospam007 ( 722110 ) * on Wednesday November 08, 2017 @11:39AM (#55513897)

    " I want to sincerely apologize to each and every one of our users,"

    Both of them.

    • " I want to sincerely apologize to each and every one of our users,"

      Both of them.

      Yeah, that's what I was thinking. A phone call would have been quicker.

  • Oh YEA... YAHOO... they got hacked. I forgot. So many data breaches, it's hard to keep up. Seems almost like small potatoes compared to Equifax.
  • I didn't steal your car stereo, it was the uh Russians!

    I'd be happy to sell it back to you though.

  • by Tom ( 822 ) on Wednesday November 08, 2017 @12:44PM (#55514359) Homepage Journal

    So are Russians now incredibly competent and advanced, or are they backwater vodka-drinkers? Make your pick, but it's only one of those. Either those Russians are very competent and can break into stuff where other people can't, or they're a 3rd world country that plays big under an evil dictator. But those things don't mix. We just see the narrative changed all the time, depending on what the purpose is.

  • When you use your finger to point, three fingers naturally point back to you.
  • We have seen she is incapable of blaming herself.

  • It's interesting that they're blaming Russians... I would have thought the breach occurred due to a hole in security - either a system or a person. But I guess then you'd have to accept that you done goofed.
  • Nice try Marissa (Score:5, Insightful)

    by erp_consultant ( 2614861 ) on Wednesday November 08, 2017 @03:01PM (#55515273)

    The dog ate my homework. Let's just blame everything on "the Russians". Well, that narrows it down to a few hundred million people. Let's not bother to actually try and find out which "Russian" may have perpetrated this act. No let's just leave it at that and call it a day. Great way to deflect attention from the fact that this massive breach occurred ON YOUR WATCH.

    Well, at least you managed to get all those people working from home back into the office. Because if they are working from home they can't possibly keep an eye on those pesky "Russians". Except that..oh...it happened anyway. So I guess that one kinda backfired. At least you can point to your tremendous success in every portfolio you touched during your tenure as CEO...crickets....

    She did "sincerely apologize" so I guess that counts for something. Except she did it after making away with hundreds of millions of dollars in salary and stock so it rings exceedingly hollow to me. And laying off thousands of workers. And driving a stake through the heart of a once proud internet pioneer. But hey, Marissa took care of Marissa and that's all that really matters. Right?

    Cunt. Karma is going to have a field day when it catches up to you.

  • I really don't think race, religion, creed, or gender should offer protection from earning the label of "incompetent".

  • Staff are guided by an invisible hand when they hire years of security experts?
    An invisible hand ensures PRISM got in and was not detected?
    https://en.wikipedia.org/wiki/... [wikipedia.org]
  • "Irrelevant person figures out way to get her name in news headlines again"

    I'm personally thinking of "saving Hotmail" again - I suppose I ought to issue a press release.

  • New theory:

    Slashdot, because it has the most sophisticated and robust moderation system of any major internet forum, has become a sort of R&D battleground for the rapidly evolving art of information warfare.

    All the major and many of the minor geopolitical players have their 50 cent armies marshalled here. Yet many of us civilians - of varying degrees of disinterestedness - also remain.

    It is our "hearts and minds" that the information warriors seek to win.
