Facebook will start sending notifications to people that it believes have had their accounts hacked by governments.
The site will be watching for extra-suspect activity on people’s accounts and informing them when it happens — encouraging them not just to change their password but to “rebuild or replace” their computer system because it has probably been entirely compromised.
If Facebook detects activity that makes it think an account has been “compromised by an attacker suspected of working on behalf of a nation-state”, it will show a notification at the top of the page. That tells users to “Please Secure Your Accounts Now”, giving an explanation of what has happened and advising people to turn on login approvals.
Login approvals sends a message to a users’ phone when somebody tries to log in from a new device. That message includes a code that must then be put back into Facebook, meaning that hackers need physical access to the phone to break into an account.
The warning doesn’t mean that Facebook or its systems have been compromised, the site said. Instead, it is likely to mean that the computer or mobile device could have been infected by malware.
The site said that it won’t often be able to explain how it has come to decide that certain attacks have come from state-sponsored hackers, to “protect the integrity of our methods and processes”. But it would only provide the notification in situations where evidence “strongly supports” its conclusion, it said.
Facebook said that it had chosen to offer users an extra-alert about state-sponsored attacks — rather than those that might be perpetrated by criminals, for instance — because they tend to be much worse.
“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored,” wrote Alex Stamos, Facebook’s chief security officer, in a blogpost announcing the change. “We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
Despite privacy concerns around Facebook’s business, the site has been active in promoting tools to stop state snooping on its users. Earlier this year, for instance, it added support for a super-secure encryption protocol into its emails, meaning that they shouldn’t be able to be intercepted on their way between the site and its users.
