Yahoo will now tell you if your account is attacked by government hackers
Yahoo has announced in a blog post that it will warn users if it thinks their accounts are being attacked by state-sponsored hackers. (We saw the news over on ZDNet.)
Yahoo joins a number of other tech companies aking similar measures as privacy issues becoming increasingly front-and-centre: Facebook, Google and Twitter all warn you if they think you're being targeted.
"We're committed to protecting the security and safety of our users, and we strive to detect and prevent unauthorized access to user accounts by third parties," Yahoo's chief information security officer Bob Lord writes. "As part of this effort, Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor. We'll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks."
He goes on: "If you receive one of these notifications, it does not necessarily mean that your account has been compromised. Rather, we strongly suspect that you may have been a target of an attack, and want to encourage you to take steps to secure your online presence. In addition, these warnings to our users do not indicate that Yahoo's internal systems have been compromised in any way."
How does Yahoo determine if an attack is "state-sponsored"? It's not saying. "In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks. However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence."
In December, multiple Twitter users - including activists and security researchers - recieved messages from the social network warning them that they had been targeted by government hackers. "We are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors," it said. "We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers."