Yahoo CEO Marissa Mayer rejected the most basic security measure - an automatic reset of users passwords after the major hack - because she feared it would scare away customers, reports claim

Yahoo CEO Marissa Mayer refused to offer users an automated password reset after the major hack - because she feared it would scare away customers, according to reports.

Around 500 million Yahoo accounts were hacked in 2014 - making it one of the largest security breaches in history.

A source close to Yahoo told the Financial Times that Mayer was informed of the potential breach as early as July.

But the CEO, who often clashed with the company's internal security team on costs, rejected the idea of sending out an automated email requiring users to update their passwords.

The move is standard practice following a hack and is considered the most basic security step.

But sources told the New York Times that the suggestion was rejected by Mayer's team over concerns it could worry users and send them scurrying away to Yahoo's more successful rivals.

Yahoo has faced criticism over its security in the past.

In 2010, Chinese state hackers attacked Yahoo, Google and another of other tech firms.

In response, Google declared 'never again' and invested in a top security team with hundreds of security engineers with six-figure signing bonuses.

They also began paying hackers 'bug bounties' to find and report security holes.

Around 500 million Yahoo accounts were hacked in 2014 - making it one of the largest security breaches in history

Yet it was three years before Yahoo employed their own bug bounty hunters - and only after another series of embarrassing security breaches and spam attacks.

Mayer joined the struggling company in 2012, as a high flying former Google executive credited with creating its iconic colorful logo and design.

She turned her attention to making Yahoo an unparalleled rival, improving its search systems, creating a new app and shifting the focus on video which has been such a success it has been able to attract big names such as Katie Couric.

But when it came to security, Mayer was allegedly more concerned with budget restraints.

The 'Paranoids,' the internal name for Yahoo's security team, would often clash with Mayer over the firm's spending on security.

They claim that their concerns were often ignored because it would potentially slow down or impact upon Yahoo's running systems - affecting users experience. Other requests were allegedly overridden due to profit concerns.

In 2014, after security concerns, Yahoo chose to hire chief information security officer, Alex Stamos who had a reputation for pushing privacy and security measures.

Virginia Senator Mark Warner (pictured) asked the US Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the hacking attack affecting 500 million user accounts.

He initiated a number of security measures which have been lauded by the security community.

But once again found himself clashing with Mayer over spending.

And last week, Yahoo's reluctance to invest as much as its rivals in security appeared became apparent, when the firm announced that an unnamed foreign government stole the credentials of 500 million users in a breach that went undetected for two years.

According to the Financial Times, the Yahoo executive was aware that her company received a tip back in July from an anonymous hacker who claimed that information from 200million accounts was stolen.

Virginia Senator Mark Warner has since asked the US Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the hack.

'Press reports indicate Yahoo's CEO, Marissa Mayer, knew of the breach as early as July of this year,' Warner said in a letter to SEC Chairwoman Mary Jo White.

'Despite the historic scale of the breach, however, the company failed to file a Form 8-K disclosing the breach to the public.'

Yahoo filed a Form 8-K hours after it announced the data breach, according to ABC News.

The revelation may now compel the federal government to intervene.

Yahoo began investigating the claim and found no evidence to suggest that the hacker, who goes by the name Peace, was correct, claims an unnamed source who was briefed on internal discussions.

The Securities and Exchange Commission (whose Washington headquarters is pictured above) may intervene to determine whether Yahoo withheld key information from investors

Nonetheless, the allegation triggered a more thorough investigation that found a far more serious security breach, the results of which were announced earlier this week.

Mayer could be in hot water with the federal government, particularly since her company had agreed to sell its main business operations to communications giant Verizon back in July for $4.8billion.

Even though the company was conducting an investigation back in July, Verizon said it learned of the breach earlier this week.

In its regulatory filing with the Securities and Exchange Commission earlier this month, Yahoo said that it did not know of 'any incidents' of 'security breaches, unauthorized access or unauthorized use' of its systems.

According to the filing, Yahoo said that it knew of no investigation into claims regarding personal data that could 'reasonably be expected to have a Business Material Adverse Effect.'

'Marissa was aware absolutely — she was aware and involved when Peace surfaced this allegation in July,' a source told the Financial Times.

'[She] was part of the investigation and conversation from the very beginning and along with the team every step of the evidentiary gathering and analysis process.'

'In fact, the key executive team has been engaged from the very beginning.'

Withholding information from investors that could impact the valuation of a company may compel the SEC to get involved, according to legal experts.

'The SEC is going to want to know exactly what they knew and when they knew it,' Stewart Baker, a partner at law firm Steptoe & Johnson and a former National Security Agency general counsel, told FT.

'The SEC has been eager to investigate people who are slow to disclose breaches. This is an obvious target.'

'They might get a letter or phone call from someone in enforcement relatively soon,' a former SEC official told FT.

'If I were at the SEC, I'd be looking for the perfect case, the perfect storm,' said Washington attorney Kim Phan. 'This may be it.'

A spokesperson for Yahoo told FT that the company was truthful and forthcoming.