Marissa Mayer misses out on Yahoo bonus as true scale of forged cookies security breach is revealed
Yahoo CEO Marissa Mayer is not going to receive her annual bonus this year as the company punishes her for failing to react quickly enough to a security breach in 2014. Her bonus is to be shared between staff instead.
The security breach, followed by another in 2016 involving the use of forged cookies, meant Yahoo's sale to Verizon had to be renegotiated, slashing millions of dollars from the price. The company has revealed that around 32 million user accounts were accessed using forged cookies, and while this is nothing like the 500 million accounts affected by the 2014 breach, it rocked faith in Yahoo and Mayer felt it best to also pass on her stock award.
In its annual filing Yahoo says: "In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the company's account management tool. The 2014 security incident was not properly investigated and analyzed at the time, and the company was not adequately advised with respect to the legal and business risks associated with the 2014 security incident."
At the time of the breach, a mere 26 people were warned that their accounts had been accessed. The company goes on to say: "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies."
In a post on her Tumblr blog, Mayer writes:
As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted. When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo's success in 2016.