Yahoo is following in the steps of the other major players of the Internet, and is now notifying users when it suspects a state-sponsored hacker has targeted their account.
Bob Lord, Yahoo’s Chief Information Security Officer, made the announcement on Yahoo’s blog, writing:
“We’re committed to protecting the security and safety of our users, and we strive to detect and prevent unauthorized access to user accounts by third parties. As part of this effort, Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor.
“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”
Tech giants have been doing more to help users who are victims of state-sponsored attacks.
Yahoo joins Google and Facebook, which already notify users if they believe an account has been targeted or compromised.
However, Yahoo makes it clear that:
“It’s important to note that if you receive one of these notifications, it does not necessarily mean that your account has been compromised. Rather, we strongly suspect that you may have been a target of an attack, and want to encourage you to take steps to secure your online presence.
“In addition, these warnings to our users do not indicate that Yahoo’s internal systems have been compromised in any way.”
If you do receive a notification from Yahoo, here are some actions the company recommends you take:
- Turn on Account Key or Two-Step Verification to approve or deny sign-in notifications, which grant or refuse access to your account.
- Choose a strong, unique Yahoo account password you’ve never shared or used before. Review our guidelines for creating a strong password, and change your account’s password.
- Check that your account recovery information (phone number or alternate recovery email address) is up to date, and that you still have access to them. Remove ones that you no longer have access to or don’t recognize.
- Check your mail forwarding and reply-to settings. Hackers could edit these settings to receive copies of emails you send or receive.
- Review your recent activity in your account settings for sessions you don’t recognize.
Protecting yourself outside of your Yahoo account is just as important. Yahoo strongly encourages its users to follow this advice:
- Don’t fall for phishing attacks! Don’t click links if you’re not sure about them. Yahoo will never ask you to provide your account information via email. If an email includes a link to Yahoo that asks for your password, close the window and sign in via https://login.yahoo.com directly.
- Install anti-virus software on your computer and ensure that your computer and other devices have all the latest security updates applied.
- Review the account security guidelines posted by other services you use. For example, social networks, financial institutions, and other email providers. Follow their guidelines to secure those accounts, too.
Yahoo won’t reveal how it detects a potential state-sponsored attack, saying that withholding this will prevent the hackers from learning its detection methods. However, if you are sent a notification, Yahoo has a high degree of confidence that you have been targeted.
Lord finishes his post by saying: “We will continue to refine our detection and notification of state-sponsored threats, and remain committed to keeping your account safe from unauthorized access.”