A former Yahoo executive has blamed "Russian agents" for a massive data breach in 2014 at the Internet company and said no company is immune from such threats.
At a U.S. congressional hearing on growing cyberattacks on major U.S. companies on November 8, former Yahoo Chief Executive Marissa Mayer said that the company put in place numerous safeguards to prevent such breaches, but "Russian agents" who were later prosecuted by the FBI found a way to overcome them.
"Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data," she told the Senate Commerce Committee.
"As we all have witnessed, no company, individual, or even government agency is immune from these threats," Mayer said.
In March, U.S. prosecutors charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, the first time the U.S. government had criminally charged Russian spies for cybercrimes.
Those charges came amid controversy relating to alleged Kremlin-backed hacking of the 2016 U.S. presidential election and possible links between Russian figures and associates of President Donald Trump. Russia has denied trying to influence the U.S. election.
Meanwhile, Yahoo disclosed a second, larger breach in 2013 that last month it said had affected all 3 billion of its e-mail accounts.
The FBI has said the 2013 breach was unrelated to the 2014 one, and that an investigation of the larger incident is continuing.
Mayer told the Senate committee under questioning that she did not know if Russians were responsible for the 2013 breach.
Mayer said even "robust" defenses were not enough to defend against such state-sponsored attacks and compared the fight with hackers to an "arms race."
"We now know that Russian intelligence officers and state-sponsored hackers were responsible for highly complex and sophisticated attacks on Yahoo's systems," Mayer said.
She said a "really aggressive" pursuit of hackers was needed to discourage the efforts, and that even the most well-defended companies "could fall victim to these crimes."
