Yahoo is in the midst of a sale to Verizon, and it finds itself at the center of a new controversy. Never mind the fact that the company recently confirmed a major cyberattack that left more than 500 million user accounts compromised: it was reported yesterday that Yahoo complied with a top secret order from the NSA and scanned all incoming emails of its users. A new report now claims that Yahoo CEO Marissa Mayer routinely kept secrets from the company’s security team.
Business Insider hears from a former Yahoo executive who says that Mayer kept secrets from important members of the security team as part of the company’s culture of secrecy and its prioritization of other business objectives.
“In the Mayer world, it became highly secretive,” the former executive said, adding that things got to a point where the head of security wasn’t even part of the discussion. This was corroborated in yesterday’s report, which said that Alex Stamos, Yahoo’s chief information security officer in 2015, was not informed by Mayer of her decision to scan all incoming emails for the government.
Stamos and the security team only found out about the secret program after testing Yahoo’s systems for vulnerabilities and discovering software which they first thought had been installed by hackers. The scanning software had been installed by Yahoo’s own engineers, and the security team was apparently in the dark about it. This didn’t sit well with Stamos, who resigned in protest.
The unnamed source adds that security issues were routinely “pushed down, dismissed, or out-and-out ignored” at Yahoo, which could be why some of Yahoo’s security engineers have left the company. Yahoo has had four chief information security officers in the past six years, with Bob Lord, the current CISO, being on the job for less than a year.
Mayer has not personally responded to this report. In a statement emailed to Business Insider, Yahoo said that it is “a law abiding company, and complies with the laws of the United States.” This is the exact brief statement it gave to Reuters, which yesterday exclusively reported on the company’s agreement with the NSA to scan all incoming emails.