diff --git a/docs/faq.rst b/docs/faq.rst
index 91a4373a8..cb0cb070f 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -95,6 +95,31 @@ There is also a similar encryption security issue for the disaster case:
 If you lose repo and the borg client-side config/cache and you restore
 the repo from an older copy-of-repo, you also run into AES counter reuse.
 
+"this is either an attack or unsafe" warning
+--------------------------------------------
+
+About the warning:
+
+  Cache, or information obtained from the security directory is newer than
+  repository - this is either an attack or unsafe (multiple repos with same ID)
+
+"unsafe": If not following the advice from the previous section, you can easily
+run into this by yourself by restoring an older copy of your repository.
+
+"attack": maybe an attacker has replaced your repo by an older copy, trying to
+trick you into AES counter reuse, trying to break your repo encryption.
+
+If you'ld decide to ignore this and accept unsafe operation for this repository,
+you could delete the manifest-timestamp and the local cache:
+
+::
+
+  borg config repo id   # shows the REPO_ID
+  rm ~/.config/borg/REPO_ID/manifest-timestamp
+  borg delete --cache-only REPO
+
+This is an unsafe and unsupported way to use borg, you have been warned.
+
 Which file types, attributes, etc. are *not* preserved?
 -------------------------------------------------------