Yahoo is going to begin notifying users when it suspects they’ve been targeted by state-backed hackers.
“We’re committed to protecting the security and safety of our users, and we strive to detect and prevent unauthorized access to user accounts by third parties,” Chief Information Security Officer Bob Lord wrote in a blog post on the site. “As part of this effort, Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor.”
Related Story: http://www.washingtonexaminer.com/article/2578286
Lord added, “It’s important to note that if you receive one of these notifications, it does not necessarily mean that your account has been compromised. Rather, we strongly suspect that you may have been a target of an attack, and want to encourage you to take steps to secure your online presence.”
Yahoo is the third major tech company to introduce such a measure. Facebook announced the same policy October, while Google did so in 2012. Twitter never announced it as a formal policy, but did notify a small group of users this month that they appeared to have been targeted.
Online accounts have been increasingly targeted by a handful of foreign actors over the past year. In Twitter’s case, the users targeted were mostly associated with the “Tor Project,” an Internet browser that enhances anonymity on the Web, and can be used to bypass Internet censorship. Russia has offered to pay researchers to obtain information that could contribute to disabling the browser.
Officials have also warned that past and present employees of the federal government are at risk of being targeted by China, particularly on social media. The warnings follow a breach of the Office of Personnel Management that resulted in information being stolen on more than 22 million people who have applied for security clearances.
“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” Lord added. “However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.
Related Story: http://www.washingtonexaminer.com/article/2574545
“We will continue to refine our detection and notification of state-sponsored threats and remain committed keeping your account safe from unauthorized access,” the statement concluded.
