Facebook will now send you a warning notice if it thinks your account has been "targeted or compromised by an attacker" associated with a nation-state.
The world's largest social network notes that if this happens, it's not because Facebook's own security systems have been compromised but because the user's computer or mobile phone has malware on it. Facebook recommends that users outright rebuild or replace their affected systems.
In a post on Facebook, Chief Security Officer Alex Stamos shared an example of what the new security notification looks like and explained the change, noting that the new precaution builds upon existing security measures for accounts Facebook believes have been hacked:
"We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts," Stamos wrote.
Hackers who may (or may not) be associated with state intelligence agencies in China, Russia, North Korea and Iran, among other countries, have targeted the online accounts of Americans in the past. The Islamic State group has attempted to hack the social media accounts of U.S. military personnel. In other countries, citizens may be concerned about their Facebook accounts being compromised by the National Security Agency or the United Kingdom's intelligence services.
Due to Facebook's desire to maintain some opacity about how it detects these kinds of issues, users shouldn't expect the site to offer them much more information about being targeted or hacked by a nation-state, other than the fact that it's already happened.
"To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers," wrote Stamos. "That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion."
The social network recommends that its users take steps to protect their personal information on Facebook, like doing a security checkup, setting up multi-factor authentication with an email address or mobile device and avoiding clicking on suspicious emails or links.
If you have a moment today, make sure to turn on log-in approvals on Facebook and set up multi-factor authentication on every other online service you use that offers it, from Gmail to Dropbox. It's far easier to secure all your accounts than it is to get them back once they're compromised.