Published on December 23rd, 2015 📆 | 6310 Views ⚑
0Yahoo to Warn Users of State-Sponsored Attacks
https://www.ispeech.org/text.to.speech
Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor.
Bob Lord, who was hired as the companyâs new CISO in October, discussed the initiative in a blog post Monday.
Lord said Yahoo will only notify users only if it âstrongly suspectsâ their account may have been targeted by a state-sponsored actor. From there it will give users a series of steps to take to verify their accounts are safe.
Those steps include default safety mechanisms Yahoo already offers, like turning on two-step verification, enabling a Yahoo account key, and maintaining a strong and unique password.
[adsense size='1']
Lord stresses the warnings wonât mean that Yahooâs systems have been compromised, or even that the usersâ account has been hacked necessarily, instead that the company suspects the user has been targeted.
Yahoo is the latest company to offer such notifications. In October Facebook announced that it would begin informing users when it believes their account is either targeted by an attacker or has been compromised by a nation-state campaign.
Just last week Twitter began rolling out notifications to a handful of users, including several connected to the privacy and security industry, that their accounts may have been targeted by state-sponsored hackers. Twitter claimed that hackers, possibly associated âwith a government,â were attempting to steal usersâ email addresses, IP addresses and phone numbers.
Twitter did not inform users how it arrived at this conclusion, and was a little vague when it came to telling users what to do next.
âThe notification was not terribly helpful. The message states that my account may have been targeted, but it does not say much about what I can or should do next,â Runa Sandvik, a privacy and security researcher who received a notification, told us last week.
[adsense size='1']
Like Twitter and Facebook, Yahoo wouldnât specify exactly how it plans to know whether an attack is state-sponsored, citing security reasons.
âIn order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,â Lord wrote, âHowever, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.â
Gloss