Yahoo Now Alerting Users Of State-Sponsored Hacks - InformationWeek

Yahoo Now Alerting Users Of State-Sponsored Hacks

Yahoo will begin warning its users when the company suspects that customers' accounts have been targeted by state-sponsored hackers. Twitter and Facebook have already started similar alert systems.

First, Facebook and Twitter started alerting users. Now, Yahoo is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

A Dec. 21 blog post by Bob Lord, Yahoo's chief information security officer, explained some of the actions users should take immediately if contacted by Yahoo in this case.

The blog post explains that users who receive a message from Yahoo regarding a suspected hack by state-sponsored actors should turn on the account key, or two-step verification, so they can approve or deny sign-in notifications and thereby grant or refuse access to the account.

Lord also recommends choosing a strong, unique Yahoo account password that has never been shared or used before. He also asks users to review the company's guidelines for creating a strong password and change the account's old password.

(Image: leezsnow/iStockphoto)

Users should also check that their account recovery information, such as a phone number or alternate recovery email address, is up to date and that they still have access to it. They should remove any entries that they no longer have access to or don't recognize.

Lord wrote that users should also check mail forwarding and reply-to settings, since hackers could edit these settings to receive copies of emails that users send or receive. Finally, users are also asked to review their recent activity in account settings for sessions they don't recognize.

"We're committed to protecting the security and safety of our users, and we strive to detect and prevent unauthorized access to user accounts by third parties," Lord wrote. "As part of this effort, Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor. We'll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks."

Lord also cautioned that, should a user receive one of these notifications, it does not necessarily mean that the account has been compromised. Rather, it suggests that Yahoo strongly suspects that the user may have been a target of an attack.

The purpose of the notification is to encourage users to take steps to secure their online presence. These warnings to Yahoo users do not indicate that Yahoo's internal systems have been compromised in any way.

"In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks," Lord explained. "However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence."

In October, social media giant Facebook announced it would start notifying its users if the social networking company suspects an account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.

Earlier this month, Twitter warned dozens of activists, researchers, nonprofits, and journalists that their accounts on the social media site have been targeted by nation-state hackers.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

User Rank: Ninja
12/28/2015 | 5:39:33 PM
Re: Big deal?
I think it is given if certain organizations which do work that is not permissible under a dictatorship government, they are bound to have problems with that government.  If there is an attack from a rogue state, are there other more efficient ways tech companies can respond to them? 
User Rank: Ninja
12/26/2015 | 9:46:14 PM
Big deal?
Is this just a PR stunt on the tech firms' part? Can someone explain if this really means anything, has any value? I am thinking it just sounds better to say something about "nation-state actors" --- sounds like you're really doing something about cyber risk. Sounds.