Facebook group “hacking” proves overblown
Recent reports that a gang hacked into dozens of Facebook groups appear to be somewhat overplayed. Instead those involved have exploited a flaw in the way such groups work which could cause embarrassment rather than a security risk.
The issue affects common interest groups set up on the social networking sites. The affected groups have been renamed to “Control Your Info” and had their logo changed. The groups now include a message noting:
“Hello, we hereby announce that we have officially hijacked your Facebook group. This means we control a certain part of the information about you in Facebook. If we wanted, we could make you appear in a bad way, which could damage you severely.”
While this may appear a serious security threat, no hacking as such has taken place. Instead those responsible have taken advantage of the way the Facebook groups feature works. Each group is led by one or more administrators who can moderate messages posted onto the group’s page and, depending on the set-up of the group, approve or reject applications to join the group.
However, when the last administrator relinquishes their position, any member of the group can claim the vacant post. That’s designed to make sure a group can continue if a key member quits. The members of “Control Your Info” have seized on this opportunity by joining groups and appointing themselves as administrators.
However, the power this brings is extremely limited. The administrators of large groups can only moderate messages, while those in smaller groups can also send bulk messages to members and change the title and listed info about the group. They do not have any access to confidential information about members and can’t access private messages or change their account settings.
Of course, while not a security threat as such, this power is certainly open to abuse. It does make it possible to make it falsely appear that Facebook users are members of a group with an embarrassing or offensive title and description.
For their part, the “Control Your Info” group says it is simply making a point and will return the groups to their previous status by the end of next week. That may be too late as Facebook says its policy is to disable groups that have had their details inappropriately changed.
Related Posts:
