Facebook has promised to warn users when their accounts seemingly come under concerted attack from suspected “state-sponsored” hackers.
However, users will need to turn on a feature called “login approvals”, which will require them to hand over their mobile phone number to the information-gathering behemoth.
Login approvals means that whenever a Facebook account is accessed from a new device, a security code will be sent to the registered phone number, which the user will need to key in before they can access their account. The security measure isn’t new: the games service Steam, run by Valve Software, operates a similar system, except that it sends an email to the registered account instead.
The promise was made by the company’s new chief security officer, Alex Stamos (pictured), in a blog post over the weekend.
“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored.
“We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts,” he wrote.
He continued: “To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.
“We hope that these warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.”
However, while the action of Facebook is laudable, it remains open to question how Facebook will identify “state-sponsored” attacks and whether it will notify users of more mundane non-state-sponsored attacks.