Notifications for targeted attacks

This question obviously is unlikely to have an answer, but someone has to ask: does "nation-state" include the Western countries, namely the US/EU and friends?

&quot;we strongly encourage affected people to take the actions necessary to secure all of their online accounts.&quot;<p>This is an important aspect. The affected individual might be using several other services that don&#x27;t have the sophistication of Facebook&#x27;s security team. Facebook might have been able to thwart the attack but his&#x2F;her other online accounts might have been compromised.

Why state-sponsored hacking specifically, as opposed to any (likely) unauthorized access?

Will it disregard National Security Letters to notify users?

I&#x27;ve been getting regular emails from Facebook saying &quot;sorry you&#x27;ve been having trouble logging in to your account&quot;. I haven&#x27;t been trying to login to my account, I deactivated it years ago. Don&#x27;t think there is anything I can do about it.

This is a good move by facebook and does have the potential to save lives, but the fact that they don&#x27;t provide any details about the attack or the supposed attacker definitely makes it significantly harder for potential victims to act on this information.<p>Imagine getting a message like this out of the blue, not even knowing who&#x27;s after you. What are you going to do?<p>It&#x27;s hard to fight a faceless enemy, especially when you can&#x27;t even be sure if they really exist.

Except the USA, of course. :)

Imagine if this alert system were too liberal at labeling things &quot;nation-state&quot; and a significant proportion of users saw this notice: I imagine the general populous would be much more concerned about internet security than they are now.

Rather than stealing your password so they can log in to your Facebook account, won&#x27;t these state sponsored hackers just steal the authentication cookie that your browser sends to show that it&#x27;s been authorized by MFA?

Why so many naysayers? I can&#x27;t see this having any detrimental effects, regardless of how effective it is in practice.

The comments (on Facebook) are surreal.

This is so stupid since they can be forced to give information with no hacking involved...