Yahoo to Warn Users of State-Sponsored Attacks

Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor.

Bob Lord, who was hired as the company’s new CISO in October, discussed the initiative in a blog post Monday.

Lord said Yahoo will only notify users only if it “strongly suspects” their account may have been targeted by a state-sponsored actor. From there it will give users a series of steps to take to verify their accounts are safe.

Those steps include default safety mechanisms Yahoo already offers, like turning on two-step verification, enabling a Yahoo account key, and maintaining a strong and unique password.

Lord stresses the warnings won’t mean that Yahoo’s systems have been compromised, or even that the users’ account has been hacked necessarily, instead that the company suspects the user has been targeted.

Yahoo is the latest company to offer such notifications. In October Facebook announced that it would begin informing users when it believes their account is either targeted by an attacker or has been compromised by a nation-state campaign.

Just last week Twitter began rolling out notifications to a handful of users, including several connected to the privacy and security industry, that their accounts may have been targeted by state-sponsored hackers. Twitter claimed that hackers, possibly associated “with a government,” were attempting to steal users’ email addresses, IP addresses and phone numbers.

Twitter did not inform users how it arrived at this conclusion, and was a little vague when it came to telling users what to do next.

“The notification was not terribly helpful. The message states that my account may have been targeted, but it does not say much about what I can or should do next,” Runa Sandvik, a privacy and security researcher who received a notification, told Threatpost last week.

Like Twitter and Facebook, Yahoo wouldn’t specify exactly how it plans to know whether an attack is state-sponsored, citing security reasons.

“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” Lord wrote, “However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.”

About author:

Comments are closed here.