If government agents, say in Syria or North Korea, happen to target your Facebook account and are curious about the cat video, food image or government secret you posted, worry not: Facebook will detect any ostensible intrusions and warn you.
Facebook said Oct. 19 that it will immediately begin notifying users if it believes their accounts have been targeted or compromised by an attacker suspected of working on behalf of a nation-state.
We at eWEEK know that most of the content on Facebook is not of international interest and that government secrets aren’t often entered into people’s newsfeeds, but Facebook has 1.4 billion users and is taking no chances.
“The security of people’s accounts is paramount at Facebook, which is why we constantly monitor for potentially malicious activity and offer many options to proactively secure your account,” Alex Stamos, chief security officer at Facebook, wrote in his blog. “Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.”
Facebook is asking all its users to turn on their “Login Approval” control on their “Preferences” control page. This keeps others from logging in to another person’s account.
The social network said that whenever a person’s account is accessed by a new device or browser that it would send a security code to the account owner’s phone to verify that only the account user is trying to access the account.
Users should go to “Settings,” then “Security,” than click on “Login Approvals.” Check the box that says “Require a security code to access my account from unknown browsers,” and follow the instructions.
“It’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems, and that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware,” Stamos said. “Ideally, people who see this message should take care to rebuild or replace these systems if possible.”
“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”