Yahoo Will Notify Users of 'state-sponsored' Hacks

Uploaded on 2016-01-08 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

 

Yahoo has become the latest technology company to promise to alert its users if it thinks their accounts have been attacked by “state-sponsored actors” – hackers working on behalf of governments.

“Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor,” said Bob Lord, Yahoo’s chief information security officer, in a blog post announcing the change.

“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”

Those actions include turning on two-step verification; changing their password to a stronger one that has never been used before; updating their account recovery information; and checking recent activity on their account.

Yahoo’s move comes two months after Facebook made a similar announcement in October, telling its users that it would notify them “if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state”.

In December, Twitter warned a number of its users that they may have been the targets of a state-sponsored attack, including several experts in information security and privacy.

Google, meanwhile, made this move in June 2012 for a subset of its users who it believed might be targets for phishing, malware or other attacks from state-sponsored “bad actors”.

By necessity, all of these companies decline to provide detailed information on the potential attackers they have identified.
“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” wrote Lord. “To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers,” explained Facebook.

The likelihood of online attacks coming from state-sponsored actors has been increasingly talked about in 2015.

Richard Ledgett, deputy director of the US National Security Agency, claimed in October that “if you are connected to the Internet, you are vulnerable to determined nation-state attackers”.

Guardian: http://bit.ly/22GDix6

« Now Anonymous Declares Cyberwar On Turkey
Fighting Cybercrime As The World Goes Digital »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Tokio Marine HCC

Tokio Marine HCC

Tokio Marine HCC is a leading specialty insurance group with a Financial and Professional product line including Tech and Cyber.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

SecurEyes

SecurEyes

SecurEyes is a leading cybersecurity firm that provides specialised services, including cybersecurity assessments, managed services, and governance risk and compliance services.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.

Octane

Octane

Octane is an AI cybersecurity startup using machine learning to identify and fix vulnerabilities in blockchain codebases.