
UPDATE: Facebook Responds
Facebook PR has left this message regarding the group hijacking:
“There has been no hijacking and there is no confidential information at risk. The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group. Group administrators have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members. In the rare instances when we find a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups.”
- - -
Because of their sheer size, social networks tend to be the most easily and most frequently hacked websites on the internet. Of course, sometimes, you don’t even need to be a hacker to expose a flaw in a system. According to Mashable, a recently discovered design flaw in Facebook has compromised thousands of Facebook Groups.
From the article:
On Facebook, anyone can start a group. And the admin of a group controls various aspects of it: he can change its name, edit its info and picture or send messages to the members.
But when an admin leaves, anyone else can join the group and register as the new admin. From what we can gather, this behavior is WAI (working as intended), or at least it’s been that way for quite some time now. But it’s also an obvious design flaw, and now a group called Control Your Info is abusing it (or raising awareness about it, depending on how you look at it) by finding groups without admins and taking them over.
We’ve tried it out (on a group we own) and it works. Once an admin leaves, any Facebook user can join the group, take over, and do pretty much whatever he/she wants with it.
We’ve written about the dangers of hackers on Facebook before, but this presents an entirely different threat. Just imagine the possible abuses. Let’s say you are a member of a totally innocuous group, something like “I Heart Kittens.” If the admin of that group leaves and a malicious kitten-hating stranger assumes the admin function, he or she could change the group to say “I Heart Using Crack Cocaine,” or any number of offensive and reputation-damaging things. What’s more, the new admin could change the privacy settings of the group to display your name publicly on the web.
Hopefully Facebook fixes this obvious design flaw soon. In the meantime, check your profile to make sure that none of your groups have been hijacked. Oh, and as long as you’re on Facebook, check out the ReputationDefender Fan Page.