Facebook has introduced a new notification that warns people if it appears their account has been compromised by hackers from a nation-state.
The message encourages Facebook users to enable “Login Approvals” to ensure that it’s truly them logging in and not someone else.
By activating Login Approvals, Facebook requests that you enter a security code that’s been SMSed to your phone when a login from a new browser has been detected, adding that all-important second authentication factor that’s difficult (but not impossible) for attackers to fake.
Faceboook says it’s chosen to activate this notification “…because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
The company goes on to say that this type of attack doesn’t mean Facebook’s systems have been compromised, but rather that it’s the devices belonging to the person receiving the notification that are likely infected with malware. Affected individuals are encouraged to “rebuild or replace these systems if possible”.
Facebook also promises that it will only issue that notification when it’s absolutely certain that the account in question has indeed been compromised by hackers representing a nation-state.
The company won’t, however, divulge just how they determine exactly whether an intrusion qualifies for the notification; it just promises in the notification post that “…we plan to use this warning only in situations where the evidence strongly supports our conclusion.”
It pays to be cautious
Even if you’ve never received this notification, it pays to beef up your privacy and security settings on Facebook anyway as part of your commitment to being a responsible web citizen. Even just by specifying that only friends can see posts or contact you directly goes a long way to protecting yourself against unwanted interest.
To access your Facebook settings, load up the website and click the downward-facing triangle at the top right of your Facebook page, click Settings then Privacy, and adjust your settings to your liking.
To activate Login Approvals, instead of Privacy click on Security and then edit to make Facebook authenticate you with an SMSed security code.[Source – Facebook]