Yahoo to warn users of state-sponsored hacks

Yahoo will soon notify users if the tech company “strongly” suspects they are being targeted by state-sponsored hackers.

“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks,” Yahoo Chief Information Security Officer Bob Lord said in a blog post this week.

{mosads}The move comes as government-backed hacking rises dramatically around the world.

Yahoo said its notifications will offer a list of steps to take to help secure users’ accounts, such as turning on two-step verification, which requires an additional, one-time code on top of a traditional password.

The message will also instruct users to review their email forwarding and “reply to” settings, because successful hackers can alter these to ensure they receive copies of all future emails after they’ve left an account.

As other companies have before them, Yahoo said it will not explain why it believes certain attacks are state-sponsored.

“So how do we know if an attack is state-sponsored? In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” Lord said.

Several other major Silicon Valley players, such as Facebook, Google and Twitter, have all taken similar steps to warn users that government hackers are trying to penetrate their accounts.

Earlier this month, Twitter sent out notifications to a “small group,” saying they believed state-sponsored hackers had been seeking their email addresses, IP addresses and phone numbers. There was “no evidence” they succeeded, though, Twitter added.

Both the private sector and government have been hammered by suspected government hackers in 2015.

It’s believed that Chinese hackers were behind intrusions at multiple major airlines and several large health insurers as part of a cyber espionage campaign to collect data on U.S. government officials.

Beijing is also thought to be behind the hack at the Office of Personnel Management, which compromised over 20 million background check investigation files.  

Russian-backed hackers are the likely culprits behind intrusions at the White House, Pentagon and State Department.