The 42-year-old, who testified before the Senate Commerce Committee on Capitol Hill in Washington on Wednesday, said the thefts occurred during her almost five-year tenure and she wants to 'sincerely apologize to each and every one of our users'.
Yahoo initially revealed its breach previous year, later lowering the price for its main web properties for a sale to Verizon Communications Inc.
One of those suspected hackers, Karim Baratov, has even been arrested and extradited to the US.
Yahoo, which announced last month that a 2013 breach affected far more customers than previously thought, has doubled its security staff, helping to deflect "a barrage of attacks", Mayer said in remarks to be delivered Wednesday before the Senate Committee on Commerce, Science and Transportation.
"The threat from state sponsored attacks has changed the playing field so dramatically that today I believe all companies, even the most well defended ones, could fall victim to these crimes", she said.
In the end, she said "Russian agents intruded on our systems and stole our users" data'. A Mayer spokesperson said Tuesday she was appearing voluntarily.More news: Bengals fall to 3-5 after 23-7 loss to Jaguars
In response to questioning, former Yahoo chief executive Marissa Mayer said customers should own their data.
Mayer testified along with interim Equifax CEO Paulino do Rego Barros Jr. and former Equifax CEO Richard Smith, as well as Verizon's chief privacy officer Karen Zacharia and Entrust Datacard CEO Todd Wilkinson.
'A single federal standard would ensure all consumers are treated the same with regard to notification of data breaches that might cause them harm, ' Thune said.
Sen. John Thune, R-S.D., the committee chairman, said 48 states have separate laws governing how and when companies must notify consumers of a breach. A breach at the credit-reporting company earlier this year exposed personal data for 145 million consumers. "Not fines, or other penalties - or real deterrents", said Connecticut Sen.
Equifax revealed that hackers had gained access to sensitive information of 143 million US consumers.
Consultants hired by Equifax to investigate haven't been able to identify the attackers, according to a summary of their report provided to Senate staff before Wednesday's hearing and obtained by Bloomberg. "We verified that it came from Yahoo, but we don't exactly understand how the act was perpetrated", she told the committee.