On 16 October Facebook announced on its security page that it will notify users if it believes their accounts have been targeted by state-sponsored actors.
Anyone thought to have been targeted will receive a notification advising them to further secure their account.
Chief Security Officer at Facebook, Alex Stamos, said in a statement:
“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
“We hope that these kinds of warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook,” Stamos added.
Cyber security expert Robert Pritchard said Facebook was doing this to warn users if their accounts have been compromised by state-backed actors, meaning spies.
“If you are being targeted by a government with less judicious espionage practices, or which regards you as a dissident, they will want to see who you are in contact with, and one means of doing this is by illegitimately accessing your Facebook or webmail accounts. This is usually done fairly simply, with phishing emails – the hackers send an email purporting to be from Facebook with a link taking the target to a fake login page. This is the same trick criminal gangs can use to harvest banking credentials,” he said.
Pritchard said he was not sure how Facebook might know it was a state-backed actor accessing an account, but that it might be done by looking at the IP addresses the account is accessed from. If a user is based in the US, it would be odd if their Facebook account was suddenly being accessed from China.
“Facebook offers login approvals, which require you to enter a code sent to your mobile before you are able to log in from a new computer. Everyone should have that turned on,” he added.
Facebook has offered the following tips to avoid being hacked:
1. Protect your password. Use a combination of at least 6 letters, numbers and punctuation marks. Avoid including your name or common words.
2. Never share your login information with anyone.
3. Log out of Facebook when you use a computer you share with other people.
4. Don’t accept friend requests from people you don’t know.
5. Never click suspicious links. Even if it is sent from your friends.
6. Watch out for fake Pages and apps/games.
7. Always log in at www.facebook.com. (Sometimes scammers will set up a fake page to look like a Facebook login page.)
8. Update your browser. The newest versions of Internet browsers have built-in security protection. Facebook supports: Mozilla Firefox, Safari, Google Chrome and Internet Explorer.
9. Run antivirus software.
https://www.facebook.com/security
Further security information is available on Facebook under account help-settings.