Explain! yourself! US! senators! yell! at! Yahoo!
Purple Palace pressed to come clean on its mega-breaches
A couple of US senators have accused Yahoo! of not cooperating with their attempts to investigate its now-notorious database security breaches.
Republicans John Thune (chair of the US Senate's Committee on Commerce, Science and Transportation) and Jerry Moran (chair of its sub-committee for Consumer Protection, Product Safety, Insurance and Data Security) co-signed the missive last Friday (February 10, 2017).
One of their complaints, The Register suspects, will be familiar to anyone caught up in the company's 2013 and 2014 data breaches: “Despite several inquiries … company officials have thus far been unable to provide answers to many basic questions about the reported breaches”.
Yahoo!'s cancellation of a planned meeting with their staff on January 31 didn't improve the senators' mood at all.
The letter notes that the company's briefing to the Committee in September 2016 left senators wanting more information. But “Yahoo! has not attempted to supplement its answers to the Committee as new information has become available, despite committing to do so”.
The senators want Yahoo! to provide accurate numbers of users affected by the 2013 and 2014 breaches, a detailed outline of what user data was compromised, consumer protection and systems mitigations put in place, and a detailed timeline of the incidents.
As revealed in November 2016, an SEC filing by Yahoo! showed that information about the 2014 breach had circulated within the company for a decent period of time. The senators' letter indicates that this information hasn't yet landed in front of the committee.
The breaches – and the revelation that as late as 2013 passwords were secured by known-to-be-insecure MD5 hashes – have delayed Marissa Mayer's plan to sell Yahoo! to Verizon.
The Wall Street Journal says Yahoo! is “considering” its response to the letter. ®