Following lead from Google and others, Yahoo has now announced that it will issue a warning to its users in case of a state-sponsored attack. The users will be warned through a notification that will alert them in case their account has fallen prey to state-sponsored hackers.
Speaking about this new initiative Bob Lord, Yahoo’s chief information security officer, stated in a blog post that,
We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks.
Lord also described in the blog that Yahoo will provide its users with a list of options to secure their account in case of an attack. If a user does receive a mail from Yahoo notifying an attack, then users will be asked to turn on the two-step verification process to approve or deny sign-in notifications. Then the user has to set a password for the Yahoo account.
Once this is done, the user will be guided through a series of additional steps such as updating phone number or alternate recovery email address, and checking the mail forwarding and reply settings to safeguard the account. Yahoo added that hackers generally tend to edit these settings to gain access to personal emails without the user being aware of it.
Yahoo joins the list of other tech giants to offer security notifications. As the reach of the internet increasers by the day, so are the number of attacks. Google was one of the first companies to amend this feature, when it introduced security notification system in Gmail back in 2012. Google’s decision to introduce the security notifications came a few months after it fell prey to a state-sponsored attack in China. The attack forced the company to cease its operations in the region, and safeguard its users in case of similar attacks in the future.
Ever since then other companies have followed suit and taken measures to protect the security of their users. Fairly recently Facebook had introduced a notification system of its own on its platform. The social networking giant announced that it will issue a pop up notification to the users whose account is under attack. Once notified users will have turn on Login Approvals to protect their accounts from being hacked again in the future.
Twitter has also followed suit and announced it had warned some users of a state-sponsored attack earlier this week. Twitter suspected the hackers of stealing sensitive user data from their accounts.
Yahoo’s chief information security officer added that “In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks. However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.”