Yahoo!'s former CEO Marissa Mayer testified before congress Wednesday about a security breach that happened in August 2013.
"As CEO, these thefts occurred during my tenure and I want to sincerely apologize to each and every one of our users", Mayer said in opening remarks at the Senate hearing.
However, it was revealed later that three billion user accounts were affected.
Yahoo had bumped its estimate of affected accounts from a previous 1B to all of them (3B in total).
In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, the first time the United States government has criminally charged Russian spies for cyber crimes.
Yahoo initially revealed its breach previous year, later lowering the price for its main web properties for a sale to Verizon Communications Inc. Yahoo's former CEO Marissa Mayer, as well as parent company Verizon's chief privacy officer Karen Zacharia, also testified.
For Yahoo, lawmakers are probing a 2013 breach, which the company reported in December of 2016 as it proceeded with its plans to merge with Verizon.
Although Mayer testified that the 2014 breach was state-sponsored, Yahoo still hasn't concluded who was responsible for the 2013 hack.
It was only in 2016, when law enforcement brought files to Yahoo containing user information that had been found online, that it even realized its defenses had been breached, she said.
"When you think of a sophisticated state actor, China or Russian Federation, your companies can't stand up against them", said Florida's Senator Bill Nelson. But she also said the U.S. government has to do more to empower law enforcement to pursue and stop hackers, especially the state-sponsored kind.
It was a packed house on Capitol Hill: both the current and former Equifax CEOs, Paulino do Rego Barros, Jr. and Rick Smith, respectively, testified.
Mayer apologized for both breaches and said that its hard for companies to fight against state-sponsored attackers who "tend to be more sophisticated, more persistent and who attack more targets.They're very good at hiding their tracks", she said.
The current and former chief executives of credit bureau Equifax, which disclosed in September that a data breach affected as many as 145.5 million US consumers, said they did not know who was responsible for the attack. The companies also said they would work with Congress on more comprehensive data security reforms. He said Mayer's testimony was "important in shaping our future reactions".