Facebook denies mass hijack was down to flaw

Facebook denies mass hijack was down to flaw

Summary: The social-networking site has said no user data was in danger when almost 300 user groups were taken over by privacy campaigners

SHARE:
TOPICS: Security
3

Facebook has denied that a hijack of almost 300 of its groups was due to a security vulnerability, or has endangered any of its users' data.

A spokesperson for the social-networking site said in a statement on Tuesday that no hacking was involved in the hijack.

A group called Control Your Info had been taking control of Facebook user groups in an effort to draw attention to privacy issues.

The group said it had done a Google search to find Facebook groups lacking an administrator. It then joined 289 of those groups, and changed the picture, name and description of the group, to draw attention to potential privacy issues.

"We have seen too many examples where friends and relatives of ours have suffered from their lack of in-depth knowledge concerning their online presence," said the group in a blog post. "People have even lost their jobs over Facebook content. We wanted to do something about this."

A post on one of the hijacked groups read: "We could rename your group and call it something very inappropriate and nasty, like 'I support paedophile's rights'. But have no fear — we won't."

However, Facebook on Tuesday denied that any of its members had been in danger.

"Group administrators have no access to private user information and group members can leave a group at any time," said the Facebook statement. "For small groups, administrators can simply edit a group name or info, moderate discussion, and message group members."

Facebook said that for large groups, the names cannot be changed, and all members cannot be sent a message.

"In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups," Facebook added.

Some group members did not appear to support Control Your Info's actions. Michael Sixtus posted a message on his group's board describing the privacy campaigners as "ethical hacking net nannies".

Facebook has been the target of hack attacks in the past, including an attack that targeted users with the Zeus banking Trojan.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • But still...

    "Group administrators have no access to private user information and group members can leave a group at any time," said the Facebook statement."

    Is that before or after some one has lost there job? if group names can be renamed alone that can cause a serious amount of damage, to all in that group.
    CA-aba1d
  • unecessary paranoia

    almost anything you join on the web - even (or especially) commercial site, are open to change at any time - you might for example sign up to a legitimate dating site that gets bought out by a less reputable outfit. Sure there are things like the data protection act but with international boundaries difficult to police these are not particularly effective, especially as the damage is usually done by the time you could pursue a complaint.

    If there is a moral wrong here it is that companies should stoop to prying into what is an employees social life - it is akin to an employer calling into to an employees local pub/bar and enquiring about his drinking habits and behaviour. This is just as public as facebook and yet I imagine most people would be outraged at an employer doing this. I doubt you could legislate against it but there should be an agreed industry code not to continue this kind of snooping - what will they do next, spy on an employees kid's facebook to see what they say about their parents, or randomly look to see if other people have posted information about you?

    This is something that pressure groups should really look into - the Ethics of using internet based data!

    In the meantime the message needs to go out loud and clear that you should not post anything about yourself that you are worried might bite you back in the future. It would however be a great shame if this were to kill this wonderful social interaction.
    cymru999
  • We'll...

    Firstly it isn't unnecessary paranoia because the renaming of a group successfully took place.

    "I doubt you could legislate against it but there should be an agreed industry code not to continue this kind of snooping"

    Secondly how can something be deemed as snooping if you invited your employer or work colleagues to be friends on your social accounts before the event happens?!

    Thirdly with just about every form of social medium softwares utilizing some form or other real time live updating notifications to all platforms, throughout you contacts lists how can this be deemed as snooping?

    Example;
    http://controlyour.info/blog/wp-content/uploads/2009/11/hatemyjob.jpg


    "This is something that pressure groups should really look into - the Ethics of using internet based data!"

    On what? how to stop the spreading of truths, or fallacy's, there's only two ways of stopping that 1) don't use such sites, or 2) site owners secure the sites better or respond quicker.

    "It would however be a great shame if this were to kill this wonderful social interaction."

    I'm pretty sure these company's or there user's will manage that all by them selfs given time.
    CA-aba1d