Facebook has announced that it has started to warn users if it believes their accounts have been targeted in state-sponsored attacks.
Users who Facebook believes could be at risk will see a warning message similar to the following:
Please Secure Your Accounts Now
[Name], we believe your Facebook account and your other online accounts may be the target of attacks from state-sponsored actors. Turning on Login Approvals will help keep others from logging into your Facebook account. Whenever your account is accessed from a new device or browser, we’ll send a security code to your phone so that only you can log in. We recommend you also take steps to secure the accounts you use on other services. Learn more.
Facebook appears to be using the warning as an opportunity to recommend that at-risk users enable Login Approvals, a system which asks for a special security code to be entered every time an attempt is made to log into an account from a new computer, web browser or mobile phone.
My personal recommendation is that *every* Facebook user would be wise to enable Login Approvals, regardless of whether their communications are likely to be of interest to intelligence agencies.
Facebook’s Chief Security Officer Alex Stamos explains that the company will not, for understandable reasons, be sharing its methodologies for determining whether a Facebook account might be subject to attack, but says that the warning will only be displayed if the company has a high degree of confidence that something suspicious is going on:
“It’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems and that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware. Ideally, people who see this message should take care to rebuild or replace these systems if possible.”
“We plan to use this warning only in situations where the evidence strongly supports our conclusion.”
Facebook’s move follows in the footsteps of the likes of Google, which in 2012 announced that it would begin to display security warnings when it believed accounts of, for instance, Gmail users had been compromised by state-sponsored attackers.
Facebook should be applauded for introducing an additional warning like this, but really those who are using Facebook for sensitive communications should perhaps already be asking themselves whether they are doing things the right way.