Noting that their team holds the security and safety of users at the highest esteem, Yahoo’s new policy is meant to help Internet denizens “take appropriate measures to protect their accounts and devices in light of these sophisticated attacks.”
Far from pioneers in this practice, Yahoo is the latest in a series of tech companies that have dedicated teams to informing their audience’s of potential attacks. In 2012, Google implemented warnings in the form of pink bars at the top of a user’s screen, and earlier this year, Facebook activated desktop alerts for such occasions. Most recently, Twitter began sending warning emails, and as these sort of attacks become more commonplace, it seems likely that an increasing number of players in the Internet space will have to figure out a way to keep their users in the know.
Yahoo did not reveal whether any incident spurred this policy change, with Lord simply writing, “In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks. However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.”
While the company has yet to divulge just how it will provide this sort of information, the security officer offered a few security tips to help users protect themselves. Lord recommends turning on “Account Key or Two-Step Verification to approve or deny sign-in notifications,” and provides guidelines for creating a strong password. Moreover, the search engine recommends that you “review your recent activity in your account settings for sessions you don’t recognize,” and has a number of suggestions that will work outside of Yahoo as well.
“Don’t fall for phishing attacks!” reads the blog post, and it also pushes for the installation of anti-virus software on your computer.
