Yahoo has become the latest in a long line of technology companies that promise to alert users who they suspect have accounts that have come under attack by state-sponsored hackers. Yahoo’s Chief Information Security Officer, Bob Lord, said: “Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor,” in a blog informing users of the change.
As expected, the company isn’t revealing how it knows if an account has been targeted, or exactly how it determines the attacks are originating from government-sponsored hackers, but Yahoo did say it would only send an alert if “we have a high degree of confidence” a user is at risk.
“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”
The actions Yahoo recommends to anyone who receives an alert includes turning on an account key or two-step verification to approve or deny sign-in notifications; changing passwords to something stronger; making sure account recovery information is up to date and accessible; checking mail forwarding and reply-to settings haven’t been altered; and reviewing recent activities in the account settings.
Back in October, Facebook announced that it would start notifying users it believes have accounts that are being spied on by government agencies such as the NSA. This was followed by similar move from Twitter, who sent emails to an unknown number of users earlier this month, warning them that their accounts may have been “targeted by state-sponsored actors.”
Google, meanwhile, was one of the first big tech firms to warn people of possible state-sponsored hacks; the company started alerting its users that their accounts may have been compromised back in 2012.