Blog

Your Facebook Security At Risk

A group known as Control Your Info, invaded nearly 300 Facebook groups this week, demonstrating how users need to pay more attention to their accounts.  Facebook groups are becoming an increasingly large target for hackers, primarily because if a group admin leaves, an option to take over the group is open to anyone.  If someone was to take over a group, they could change everything, from the name, pictures, objectives, and just about anything you can think of, along with sending messages to the group as a whole. 

Control Your Info, made Facebook users wary as they joined and took over 289 groups.  “Once we were administrators we owned the groups and could have changed any setting,” the groups website stated.  “We chose to change the picture, the name and the description of every group. Our intention was and is to restore these groups to their original form and find a suitable admin among the members. To be able to do this, we first backed up all the data we wanted to replace.”

Once they took over the groups, they had wrote on all group walls:

Hello, we hereby announce that we have officially hijacked your Facebook group. This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severely.  For example we could rename your group and call it something very inappropriate and nasty, like “I support pedophiles rights”. But have no fear – we won’t. We just renamed it Control Your Info. Because this is really all we want:  Think about the safety in your social media life to the same extent you do in your real life. Watch the video clip for more information or check out www.controlyour.info for more tips soon! We promise to restore your group name and leave the group by the end of next week. Don’t worry – we won’t mess anything up.
Best regards
/controlyour.info

The video the group is referring to can still be seen on YouTube.

Needless to say, the folks over at Facebook did not enjoy the stunt preformed by Control You Info and once they realized what the group had done, they had shut done the Control Your Info’s Fan page.  And a groups spokesperson said “During the process we broke the terms of service, as defined in the Statement of Rights and Responsibilities of Facebook, and were rightfully banned: § 4.1  ‘You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission’. We created fictive accounts for one reason: we wanted to put focus on our message rather than our persons. It also eased the process of joining and administrating this large number of groups.”

Facebook also released a statement, saying that users should not worry because regardless of who is admin, they don’t automatically have access to your account information.  “There has been no hacking and there is no confidential information at risk.  The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group.  Group administrators have no access to confidential information and group members can leave a group at any time.  For small groups, administrators can simply edit a group name or info, moderate discussion, and message group members.  The names of large groups cannot be changed nor can anyone message all members.  In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups.”

As of Thursday morning, only a few Control Your Info groups remained, while most of the other groups have either been changed back to normal or shut down completely.  Many are asking Facebook to change group policies.  The ideal example would be, if a admin leaves the group, they should be prompted to choose another member to take over the group. Facebook said they have no intentions on changing any group policies at this time.