Yahoo has warned its users about hackers carrying out cyberattacks on behalf of foreign governments. The company said it would notify users whose accounts may have been targeted.
Similar warnings have been issued by Facebook, Google and Twitter in the past. Earlier in December, Twitter warned its users about state-sponsored attacks. Facebook's warning came in October. Google first warned about such attacks in 2012, when Eric Grosse, VP of security engineering, cited the threat.
Yahoo's notifications do not mean an account has been compromised but only suggest it was targeted for an attack. Additionally, the warnings don't imply that Yahoo's internal systems have been compromised either.
"We'll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks," said Bob Lord, Yahoo's chief information security officer.
He further added: "In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks. However, rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence."
If you receive a notification from Yahoo, the first thing you should do is turn on "Account Key", which lets you sign in to your account without using a memorised password. With this feature enabled, nobody other than you can sign in to your account.
Alternatively, use the "two-step verification" procedure to approve or deny any sign-in notifications. This method uses a password and an additional security code to verify your identity whenever you sign into your account. So, if anyone guesses your password and tries to access your account, they won't be able to without the second level of authentication.
To be on the safer side, choose a strong and unique password that you have never shared or used before. Also keep your account recovery information (phone number or alternative email address) up to date, and remove older details you no longer have access to or don't recognise.
Check your mail forwarding setting, which, when enabled, sends a copy of each incoming email to another email address you select, and also check the reply-to settings. You can review your recent account settings for sessions you don't recognise. The recent activity log records the time and location of each sign-in, helping you identify any unauthorised access.
Apart from account-related security, protect yourself online. Don't click on any suspicious links. Make sure you have installed anti-virus software and that your PC and other devices have security updates. Do not forget to review the security guidelines posted by the services.