Yahoo's Warning Users Of State-Sponsored Spying, Too
Yahoo's Chief Information Security Officer Bob Lord has announced that Yahoo will now inform its' users when they're the subject of a state-sponsored attack. The notifications will be provided if the company "strongly suspect[s]" an account has been targeted by a state-sponsored actor of some sort, giving the user a chance to protect his or her account.
Yahoo is careful to note that a notification doesn't necessarily mean the account is being accessed. Rather, Lord says a notification means "we strongly suspect that you may have been a target of an attack." The company isn't revealing how it detects whether a state-sponsored attack is planned, but does say that notifications are only sent if "we have a high degree of confidence" about the matter.
Users who receive a notification are given several things they can do to help secure their accounts. Turning Two-Step Verification and Account Key on are both encouraged, as well as setting a strong password not used elsewhere, updating account recovery data, and double-checking that mail forwarding and reply settings haven't been altered to pass on messages.
In addition, Yahoo users can review their account's recent activity within Settings to see if someone has been in the account. Yahoo advises users to be careful about phishing scams, to install anti-virus software on their laptop, and to secure their accounts with other companies.
SOURCE: Yahoo