RealTime IT News

Facebook Groups Hijacked in the Name of Security

Hundreds if not thousands of Facebook groups were usurped this week by an organization calling itself Control Your Info, renaming the groups "Control Your Info" and posting a message warning users of the very security vulnerability that allowed it to take control of the group.

Unlike previous Facebook phishing and spyware attacks, this group claims its intentions are noble and promises to relinquish control of the commandeered group pages sometime next week.

"Hello, we hereby announce that we have officially hijacked your Facebook group," the group's unsolicited message reads. "This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severely."

By way of example Control Your Info warns that it could have changed the affected group's name to "I Support Pedophiles' Rights," but says it won't "mess anything up."

On its blog, the group explains that Facebook Groups suffers from a "major flaw." According to the blog post, once an administrator leaves, anyone can register as a new administrator and seize control of a group for whatever purposes he or she desires.

"So, in order to take control of a Facebook group, all you really have to do is a quick search on Google," the organization claimed.

Facebook officials said Control Your Info's protest project is really much ado about nothing.

"There has been no hacking and there is no confidential information at risk," Facebook said in a statement e-mailed to InternetNews.com. "The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group."

Facebook said group administrators have no access to confidential information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members.

"In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups," the statement said.

"Our main goal is to draw attention to questions concerning online privacy awareness," Control Your Info said in an e-mail to InternetNews.com. "We have seen too many examples where friends and relatives of ours have suffered from their lack of in-depth knowledge concerning their online presence. We wanted to do something about this."

On its Web site, Control Your Info claims this hijacking project is "strictly not for profit and done for a good cause." The group asks that Facebook users think about safety in their social media life with the same level of concern and circumspection that they would in their "real life."

"So is it hacking?" the posting asks. "No. This is not hacking, by any definitions of the term at all. A takeover? Yes, that we can agree on."

Facebook, which last month was awarded $711.2 million in damages by a Northern California judge who found that self-proclaimed "Spam King" Sanford Wallace violated the Federal Trade Commission's Can-Spam Act, claims to have more than 300 million registered users.

Update adds comments from Control Your Info.