US senators are turning up the heat against technology firm Yahoo, complaining about its lacklustre response to an ongoing hacking probe into two of the biggest data breaches recorded in history that involved over a billion user accounts.
In a joint letter sent to Yahoo chief Marissa Mayer on 10 February, commerce and science committee chairman, John Thune, and consumer protection chairman, Jerry Moran, slammed a deadline on the firm and demanded urgent answers by 23 February.
"Despite several inquiries by committee staff seeking information about the security of Yahoo user accounts, company officials have thus far been unable to provide answers to many basic questions about the reported breaches," the letter said.
The committee chairs said Yahoo cancelled a planning congressional briefing on 31 January at the last minute, prompting concerns about the tech giant's "willingness to deal with Congress with complete candour" in relation to the numerous hacks revealed last year.
In September 2016, Yahoo announced in a press release that cybercriminals were able to steal at least 500 million user accounts in 2014. Then, in December, it admitted a second – even bigger – breach had been uncovered that impacted at least one billion accounts.
In the first instance, Yahoo bosses said in a notice to investors it believed a "state-sponsored actor" was able to infiltrate its computer systems. However, it provided little solid evidence to back up this assertion, and the exact timeline of events remains murky to this day.
The fallout from the cyberattacks has impacted an ongoing takeover deal with Verizon, which announced plans to purchase Yahoo's core business for a massive $4.8bn (£3.6bn) in July 2016. This deal, as previously reported, has now been pushed back.
In the midst of this, the US senators have said that protecting consumers "has been and will remain a key priority" to the commitees and appeared frustrated with the response from Mayer's Yahoo. "We have attempted to learn more about these incidents for some time," it said.
In a series of questions that now need to be answered by the end of February, the chairmen are asking the firm to say exactly how many users the hacks impacted, what type of information was compromised and outline the steps taken to enhance security since the breaches.
The senators also demanded Yahoo "provide a detailed timeline of these incidents" from the initial discovery of the compromise to the notification of its user base. For Yahoo, it's another worry to deal with, for hacked users it may represent a much-needed slice of clarity.
Read the full letter below: