Yahoo becomes the latest company to warn users of suspected state-sponsored attacks

[midian182]

Yahoo has become the latest in a long line of technology companies that promise to alert users who they suspect have accounts that have come under attack by state-sponsored hackers. Yahoo’s Chief Information Security Officer, Bob Lord, said: “Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor,” in a blog informing users of the change.

As expected, the company isn’t revealing how it knows if an account has been targeted, or exactly how it determines the attacks are originating from government-sponsored hackers, but Yahoo did say it would only send an alert if “we have a high degree of confidence” a user is at risk.

“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”

The actions Yahoo recommends to anyone who receives an alert includes turning on an account key or two-step verification to approve or deny sign-in notifications; changing passwords to something stronger; making sure account recovery information is up to date and accessible; checking mail forwarding and reply-to settings haven’t been altered; and reviewing recent activities in the account settings.

Back in October, Facebook announced that it would start notifying users it believes have accounts that are being spied on by government agencies such as the NSA. This was followed by similar move from Twitter, who sent emails to an unknown number of users earlier this month, warning them that their accounts may have been “targeted by state-sponsored actors.”

Google, meanwhile, was one of the first big tech firms to warn people of possible state-sponsored hacks; the company started alerting its users that their accounts may have been compromised back in 2012.

Permalink to story.

https://www.techspot.com/news/63253-yahoo-becomes-latest-company-warn-users-suspected-state.html

 

[Skidmarksdeluxe]

I haven't been warned yet, I guess I'm just not interesting enough and I don't know if that's a good or bad thing but I'm leaning towards the former.

 

[p51d007]

About all I use my at&t/yahoo email for these days is for my parents. It's too much of a pain to
create a new email for me, and have them use it. It's just a spam account now.
I've had it for over 20? years. Their web email is so screwed up, sometimes it won't load, sometimes
it said "oops, something went wrong". It's a joke.

 

[MoeJoe]

About all I use my at&t/yahoo email for these days is for my parents. It's too much of a pain to
create a new email for me, and have them use it. It's just a spam account now.
I've had it for over 20? years. Their web email is so screwed up, sometimes it won't load, sometimes
it said "oops, something went wrong". It's a joke.

True.

 

[robb213]

It's pretty sad that now companies must make promises to tell users about breaches that puts their personal identification at harm. If companies were just transparent to begin with, this would be a non-issue.