Slashdot Mirror


Former Yahoo CEO Marissa Mayer Apologizes For Data Breach, Blames Russians (reuters.com)

Former Yahoo chief executive officer Marissa Mayer apologized today for a pair of massive data breaches at Yahoo and blamed Russian agents for the growing number of incidents involving major U.S. companies. A reader shares a report: "As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users," she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax and a senior Verizon Communications executive. "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."

29 of 212 comments

  1. My product sucks so by OffTheLip · · Score: 5, Insightful

    blame Russia. I sense a pattern here.

    1. Re:My product sucks so by Mitreya · · Score: 4, Funny

      I sense a pattern here.

      Also We're sorry.
      No one takes responsibility, no one invests in better security, but they are sorry.

    2. Re:My product sucks so by Thud457 · · Score: 4, Funny

      They're in our Thoughts and Prayers.

      It's the least we can do.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    3. Re:My product sucks so by avandesande · · Score: 2

      Russian consultants told them to store plain text passwords.

      --
      love is just extroverted narcissism
    4. Re:My product sucks so by redshirt · · Score: 2

      While she's at it, she can also blame NFL player protesters, Equifax, Super Storm Sandy, and 9-11.

  2. It's becoming a fad these days .... by Jerry · · Score: 5, Insightful

    losers blaming Russians for their own incompetency.

    --

    Running with Linux for over 20 years!

  3. RUSSIA by amiga3D · · Score: 5, Insightful

    It's always a good idea to blame others for your incompetence. If it wasn't the RUSSIANS it'd be the CHINESE or the INDIANS or some other nation. Cyberspace is like the wild west. Strap on a six shooter and defend yourself.

    1. Re:RUSSIA by bluefoxlucid · · Score: 5, Insightful

      That's the thing: as a project manager, I look at things we would do differently next time. Factors outside our control are explanations, but not excuses.

      It's kind of annoying that, as a Democrat aligned with the Democratic party philosophies, I have to keep pointing out that Hillary wrote a whole god damned book about why she lost the 2016 election--and blamed everyone else. H.R. McMaster had written a book called "Dereliction of Duty" for which he was criticized in reviews because he didn't address the superior strategy and military power of the Vietcong; yet he did exactly what he should have done: he addressed everything the American administration did wrong, because we can't expect the Vietcong to play along nicely in the war.

      Yes, the Russians are coming to hack you. Yes, that's going to cause an uptick in incidents, regardless of what you do. Now harden up and figure out how you're going to keep this shit to a minimum, because that's your job, and it's the only thing you have control over.

    2. Re:RUSSIA by ctilsie242 · · Score: 4, Interesting

      A car example of this would be someone who leaves their keys in an unlocked vehicle. First, someone from Lower Elbonia steals the car. Then, someone from Latveria. Then, someone from Cobra Island, and then someone from the Greater East Asia Co-Prosperity Sphere. Yes, one can blame these countries, but there is also the issue that anyone from anywhere could see the car keys and want to go for a ride.

      There comes a point where, yes, a theft is a theft, but there needs to be some culpability in failing to secure things. At least Europe is taking steps to break the "security has no ROI" cycle with the GDPR. It is not perfect, but losing 4% of total earnings is a pretty big incentive to actually spend some on basic security design [1]. Security isn't rocket science. Good security practices have been around since the Cold War era, and OPSEC practices have been around since people started trying to kill each other in groups.

      Good security can be done. It is just bothering to spend the resources to do so.

      [1]: For example, it isn't hard to secure a database. I've seen a startup use transparent encryption through an HSM to ensure that an intruder isn't going to be able to dump the DB and make off with the goodies. If those guys could do it, a well-heeled company can easily implement this, plus many other defense-in-depth measures. To secure AD, it isn't hard to set up policies requiring 20+ characters for service accounts, and a short (3-5 minutes) lockout period for user accounts, coupled with a real-time monitoring system to catch brute force attempts.

  4. Canada by tsa · · Score: 5, Funny

    What happened to good old Blame Canada?

    --

    -- Cheers!

    1. Re:Canada by Mashiki · · Score: 5, Insightful

      It was replaced. First by 4chan, then gamergate, and now Russia. Blaming someone else is the typical cop-out by people who refuse to take responsibility for their actions (or inaction).

      --
      Om, nomnomnom...
    2. Re: Canada by Mashiki · · Score: 2, Informative

      Are you actually under the insane impression that Gamergate is remotely innocent? Because if so, you should really try what I'm smoking.

      The FBI couldn't find any proof, so you tell me. The only proof they found was of 3rd party trolls, that was it. If you think gamergate is responsible for 'harassment' or 'doxing' or whatever bullshit some socjus is pushing, you should really dig into it more. It's kinda like how Sarkeesian cancelled a talk at a university in response to a gun threat (how it was presented to people by the media). The truth is that the state is open-carry, and they refused to comply to any of her demands regarding it. This was then followed up by Kotaku who said there was a bomb threat the day (or two after). Which happened 6 months before that. On the other hand? There's plenty of evidence of the big name anti-gamergate people simply being shitty humans. You've got the list of them who have been convicted by courts for rape/sexual assault, then the others who've been accused. Then the others who called in bomb threats to synagogues. Then there's the others that engaged in doxing and harassment, but that's a whole 'nother topic. I'm sure you might bring up "seattle4truth" but never mind that he'd been banned from every chan board, reddit sub, and ignored by anyone relating to GG roughly 3 months in. Went slowly insane, went anti-gg, and then went full conspiracy retard. But then I can always bring up the anti-gg die-hard feminist who blew his girlfriend's head off. So you enjoy that shitshow.

      Or you can go visit one of the anti-gg boards on reddit, and enjoy the shitshow of identity politics, active doxing, threats and harassment.

      Then, we can get into garbage like this. Where the media is outright lying to you, and blaming gamergate when it didn't even exist yet. Are you paying attention to the bullshit being painted now? It's just like the garbage yesterday with "Trump and a koi pond and the 'international incident'" Never mind that Trump dumped the food in after Abe (who dumped ~1/3 of a box). Go on, watch those videos. It'll only take you 15 minutes, enjoy the lies, enjoy the bullshit while you're at it.

      --
      Om, nomnomnom...
  5. Back in 1984 by cloud.pt · · Score: 5, Insightful

    I love how every single US problem these days is insta-mitigated with "blame the russians".

    1. Re:Back in 1984 by thinkwaitfast · · Score: 4, Informative

      I don't even recall this happening during the cold war.

  6. Hey Marissa by 93+Escort+Wagon · · Score: 5, Insightful

    If you really felt you were at fault, you'd give all those millions of dollars back.

    But it's quite obvious what she's saying is "sorry not sorry" - "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way".

    --
    #DeleteChrome
    1. Re:Hey Marissa by Mitreya · · Score: 2

      "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way"

      So what is missing from that apology is any(!) indication that next time she would invest in proper security. From what I gather, a lot of these issues could be mitigated by having a well-funded IT security division.

      Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

      Oooh, well, if they took the radical step of requiring users to change passwords, then I guess there is nothing else to be done.

  7. US needs legal liability by EndlessNameless · · Score: 5, Interesting

    Good luck if you want to hold anyone accountable for any of this. Maybe you have the time and money to slug it out in the courts. Or years to wait for a verdict.

    We have some experience with addressing this. Companies can get slapped pretty hard for violating HIPAA---either for improper disclosure or poor security. However the law was written, it is effective in making them think about security properly. A law by itself doesn't guarantee good conduct across the board, but it certainly helps when there are consequences.

    If any congressman wants to extend HIPAA-level security requirements to any system that handles the personal information of American citizens, he gets my vote automatically. We should have done it 20 years ago. Better late than never.

    Unless there are new rules and new consequences, nothing will change. Wallets and ballots, people.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  8. Re:Should have colluded with Russia like Trump by Anonymous Coward · · Score: 5, Insightful

    Wouldn't it be better if Yahoo just colluded with Russia's attack on its users like Trump colludes with Russia's attacks on America while denying that Russia is responsible for the crimes that he colludes with?

    You obviously missed the fact that the Russian lawyer supposedly colluding with Trump met with the same group Hillary! hired to create that fake Trump dossier.

    Yep, that same Russian lawyer met with Fusion GPS right before and right after Don Jr. said, "WTF?!?!" to her when she tried to entrap him.

    Who's colluding with Russia?

    "Follow the money"

    Democrats paid Fusion GPS. Fusion GPS created that fake Trump dossier. Fusion GPS met with the Russian lawyer who tried to meet with Trump.

  9. Why spend money on security.. by sqorbit · · Score: 5, Insightful

    ...when it's way easier just to blame Russia. Lots of Americans will jump on board with this. Russian hacking is the bad guy, we're the good guys. Now we can all just ignore the fact that US corporations are constantly targets because of horrible security policies and crappy management.

    --
    Sent from my TARDIS
    1. Re:Why spend money on security.. by wwphx · · Score: 2

      They also didn't spend money on good code. I've been using Yahoo Mail for years, and whenever it comes up with the "Yahoo Mail logs you out periodically for security purposes", or whatever the stupid message says, you don't have to log back in again 95% of the time. Type mail.yahoo.com and you're back in your mail again without typing in your password.

      Bad design by design.

      --
      When you sympathize with stupidity, you start thinking like an idiot.
  10. Indeed by nospam007 · · Score: 5, Funny

    " I want to sincerely apologize to each and every one of our users,"

    Both of them.

  11. Heard in class yesterday by DontBeAMoran · · Score: 5, Funny

    Teacher: Where's your homework, Timmy?
    Timmy: The Russians stole it!

    --
    #DeleteFacebook
  12. "The Russians Pooped In The Hall!" by Archtech · · Score: 4, Funny
    --
    I am sure that there are many other solipsists out there.
  13. Burglary is illegal even if the door is unlocked by Geoffrey.landis · · Score: 2

    See subject: If "russians" (or anyone else instead of the current 'patsy' russians) found a door they left unlocked @ Yahoo (or YouTube etc.) whose fault is it REALLY folks?

    Both, of course. The defense "the door wasn't locked so I came in and took your stuff" will not get you off from a charge of burglary. And the defense "but the lock was really easy to defeat" is even a worse excuse.

    This is a form of false dichotomy: the fact that one party has blame does not mean that another party is not also in the wrong.

    --
    http://www.geoffreylandis.com
  14. Re:Burglary is illegal even if the door is unlocke by NicknameUnavailable · · Score: 3, Insightful

    A) It's the internet, a system known to have innumerable malicious actors who will fuck up your shit just for the sport of it, even if it's not valuable. If you plug something into it you assume the risk and in turn the burden of securing it.

    B) This is Marissa Mayer we're talking about, the woman who sank Yahoo! after getting the job running it purely on the basis of social justice and as a gimmick to attract the SJW crowd to the already-dying platform. No amount of external bad actors had anything to do with that, it would have sunk just as readily without them (and probably without her, for that matter.)

    Yahoo! is the product of the dot-com bubble when everyone and their mother was throwing money at tech, especially search engines. They failed to monopolize the market while someone else didn't so they sucked and died. The underlying cause is that we exist in an economy which strongly favors monopolies, and for something like a search engine with huge data and computational requirements that certainly applies no less. Moreover, Yahoo! was the ADHD-riddled company in the search engine business, they tried social networking, search, image sharing, video sharing, instant messaging, chat, eCommerce, etc and they did every single one badly - even managing their already-successful-but-doomed-by-association acquisitions. Hell, they even partnered with Microsoft's Bing and handed over their one asset - the data they acquired over the years - to remain relevant for a couple of more years. Yahoo! is the example of everything not to do as a company and at least half their board (that I know of) were actually smoking meth on a daily basis.

  15. blaming Russians... wait... by Tom · · Score: 2

    So are Russians now incredibly competent and advanced, or are they backwater vodka-drinkers? Make your pick, but it's only one of those. Either those Russians are very competent and can break into stuff where other people can't, or they're a 3rd world country that plays big under an evil dictator. But those things don't mix. We just see the narrative changed all the time, depending on what the purpose is.

    --
    Assorted stuff I do sometimes: Lemuria.org
  16. She's in front of Congress by rsilvergun · · Score: 2

    she probably has some actual evidence that the hack originated in Russia. And it probably did. Russia and the old Soviet Bloc countries are full to the brim with out-of-work software engineers. Didn't you ever wonder why most hacks and quasi-legal software is made over there? China doesn't have this problem because their big manufacturing base absorbs those engineers (and if all else fails the gov't will do make-work to keep them from causing trouble).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  17. Nice try Marissa by erp_consultant · · Score: 4, Insightful

    The dog ate my homework. Let's just blame everything on "the Russians". Well, that narrows it down to a few hundred million people. Let's not bother to actually try and find out which "Russian" may have perpetrated this act. No let's just leave it at that and call it a day. Great way to deflect attention from the fact that this massive breach occurred ON YOUR WATCH.

    Well, at least you managed to get all those people working from home back into the office. Because if they are working from home they can't possibly keep an eye on those pesky "Russians". Except that..oh...it happened anyway. So I guess that one kinda backfired. At least you can point to your tremendous success in every portfolio you touched during your tenure as CEO...crickets....

    She did "sincerely apologize" so I guess that counts for something. Except she did it after making away with hundreds of millions of dollars in salary and stock so it rings exceedingly hollow to me. And laying off thousands of workers. And driving a stake through the heart of a once proud internet pioneer. But hey, Marissa took care of Marissa and that's all that really matters. Right?

    Cunt. Karma is going to have a field day when it catches up to you.

  18. Re:Burglary is illegal even if the door is unlocke by Geoffrey.landis · · Score: 2

    Is the person who walked in and stole everything a criminal? Yes.
    Am I liable for my negligence? Almost certainly.

    Exactly. The correct answer to the question is "both."

    --
    http://www.geoffreylandis.com