Facebook is urging users to add security to their accounts, citing possible attacks by nation-state hackers. The company did not say whether it would send text alerts in case of US government snooping, or if the phone numbers provided will be kept safe.
The popular social media platform recently added a feature called Login Approval, which sends users a text message with a unique log-in code if their account has been accessed from a new device or browser.
“We will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state,” Facebook’s Chief Security Officer Alex Stamos announced.
The additional warning was deemed necessary because government-sponsored attacks “tend to be more advanced and dangerous than others,” Stamos noted, urging the affected users to secure all their online accounts.
“We plan to use this warning only in situations where the evidence strongly supports our conclusion,” he added.
The announcement prompted some Facebook users to wonder whether the definition of “state-sponsored actors” extended to US government organizations such as the FBI or the NSA, or to intelligence operations by US allies.
“Does that include the NSA or other agencies affiliated with U.S. government?” one user asked in the comments, adding “How come I doubt that?”
“I'm willing to bet you won't report attacks from the ‘good guys’ e.g the UK, US, Germany etc,” said another.
Reactions to the post have ranged from “Thank you so much” to “No way is FB getting my cell phone number.”
Facebook is not the first to warn users about possible breaches by government-backed actors. Google introduced a similar warning in 2012. In both cases, the companies declined to explain the methods of detecting a state-sponsored attack, citing security and integrity concerns. Both Google and Facebook say that receiving a notice of a government hack does not mean their networks were actually compromised – only that the particular user’s devices may be.
Unlike Google, however, Facebook suggested that compromised users should ditch their devices. “Ideally, people who see this message should take care to rebuild or replace these systems if possible,” Stamos wrote.