With a growing number of hacks, breaches, and leaks occupying media real estate, cybersecurity is more top of mind than ever for companies and customers alike. And now, in an effort to keep their users safe, Yahoo is promising to notify individuals “of attacks by suspected state-sponsored actors.” In a blog post published Monday, the Internet giant’s Chief Information Security Officer, Bob Lord, wrote, “Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor.”
Noting that their team holds the security and safety of users at the highest esteem, Yahoo’s new policy is meant to help Internet denizens “take appropriate measures to protect their accounts and devices in light of these sophisticated attacks.”
Far from pioneers in this practice, Yahoo is the latest in a series of tech companies that have dedicated teams to informing their audience’s of potential attacks. In 2012, Google implemented warnings in the form of pink bars at the top of a user’s screen, and earlier this year, Facebook activated desktop alerts for such occasions. Most recently, Twitter began sending warning emails, and as these sort of attacks become more commonplace, it seems likely that an increasing number of players in the Internet space will have to figure out a way to keep their users in the know.
Yahoo did not reveal whether any incident spurred this policy change, with Lord simply writing, “In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks. However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.”
While the company has yet to divulge just how it will provide this sort of information, the security officer offered a few security tips to help users protect themselves. Lord recommends turning on “Account Key or Two-Step Verification to approve or deny sign-in notifications,” and provides guidelines for creating a strong password. Moreover, the search engine recommends that you “review your recent activity in your account settings for sessions you don’t recognize,” and has a number of suggestions that will work outside of Yahoo as well.
“Don’t fall for phishing attacks!” reads the blog post, and it also pushes for the installation of anti-virus software on your computer.
- Slingshot malware that attacks routers may be state-sponsored espionage tool
- How to find a lost phone, whether it’s Android, iPhone, or any other kind
- Here’s what social media giants are doing to keep extremism off your screen
- Twitter now estimates that 1.4M users interacted with fake Russian posts
- Companies are sorry about security flaws. Just not sorry enough to change