When news broke late yesterday that Yahoo's internal investigation its own hacking crisis found that the company's senior executive team fucked up literally everything while trying to handle said hacking crisis, Yahoo watchers around the globe were heard to mutter all at once "No shit, Sherlock."
And in case you've ever pondered how close a massive public company can come to outright admitting its own incompetence in an SEC filing, please sit back and wonder now more:
Based on its investigation, the Independent Committee concluded that the Company’s information security team had contemporaneous knowledge of the 2014 compromise of user accounts, as well as incidents by the same attacker involving cookie forging in 2015 and 2016. In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company’s account management tool. The Company took certain remedial actions, notifying 26 specifically targeted users and consulting with law enforcement. While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team. Specifically, as of December 2014, the information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team. However, the Independent Committee did not conclude that there was an intentional suppression of relevant information.
Yeah, there was no attempt to suppress vitally important security information that was widely known to be a critical problem, we just - like - didn't.
So rest easy, Verizon, you're not acquiring a terrible company that cravenly attempts to hide its major mistakes. You're merely acquiring a bad company that sees its own major mistakes, recognizes how bad they are and then sticks its thumb up its own ass for 3 years while overpaying Katie Couric with its spare hand.
Oh, and speaking of overpaying people; Marissa Mayer blogged, you guys.
As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted. When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.
Hey, this is leadership. Saying the buck stops with me and I'm responsible is how this shit is supposed to work. Kudos to Evita for stepping up.
But also, MARISSA MAYER WAS GETTING A BONUS?!?!
Really? Is it because she managed to spin off the part of Yahoo that no one likes from the part of it that has ontological value and then managed to sell that shittier part to Verizon while simultaneously trying to stifle repeated hacking revelations like a cranked-up soccer mom playing Whack-A-Mole at the county fair?
Why? Because the smoldering skeleton of what was once Yahoo is still apparently worth something to what must be the thirstiest telecom company in the history of business? And even that company is making her take a major haircut on the sales price?
How? Is Yahoo's board just going to overlook the litany of epic fails that led up to this moment in Yahoo's history? If so, she's not making it easy for them by publishing her mea culpa on fucking Tumblr. The same platform that she managed to pay $1 billion for a few years back and is now worth roughly 1,000,000,000% less.
Letting Marissa "claw back" her own bonus is not just bad optics, it's the kind of thing that makes Wells Fargo's board feel superior. It's that bad.
The only person who seems to have fully grasped what just went down here is now former Yahoo general counsel Ronald Bell. Bell's own behavior during Yahoo's security breach has apparently troubled him enough to fall on his own sword, but while he did not excel in a complicated corporate situation, it stands to reason that he might have considered disbarring himself if he spent another day as the attorney tasked with representing Yahoo's decisions to the world.