Facebook Notifying Users of Targeted, Nation-State Attacks

Facebook tor

Facebook will inform users when it believes their account has been targeted by an attacker or compromised by a nation-state campaign.

Facebook will inform users when it believes their account is being either being targeted by an attacker, or has been compromised by a nation-state campaign.

Alex Stamos, Facebook’s Chief Security Officer, announced the initiative in a post on Facebook’s Security page late Friday afternoon.

Users will be prompted to better secure their accounts if Facebook believes they’re implicated in an attack, Stamos said. Users will be urged to turn on Login Approvals, a feature that’s intended to keep unwanted malicious actors from logging into personal accounts. Whenever a user’s account is accessed from a new device or browser, the company will send a security code to the actual users’ device.


Stamos writes that nation-state attacks – citing how sophisticated government-sponsored hackers┬ácan often be – deserve the utmost of users’ attention. In this case, users may want to look beyond Facebook for the problem.

“We strongly encourage affected people to take the actions necessary to secure all of their online accounts,” Stamos writes, “Ideally, people who see this message should take care to rebuild or replace these systems if possible.”

It remains to be seen how often users will see the notifications. Facebook claims it only plans to use the warnings in situations where evidence strongly supports their conclusion, and adds that to “protect the integrity of [its] methods and processes” it won’t be divulging exactly how it arrives at those conclusions.

From a security standpoint, the social media site has taken some serious strides towards shoring up users’ accounts over the past year.

Over the summer, it gave users the option to receive end-to-end encrypted communications from the company, and even post their own personal OpenPGP keys on their profile pages. It also debuted a new feature, Security Checkup, to give users curious about securing their accounts more information on the tools it provides, what features are disabled, and so on.

Suggested articles