Facebook denies mass hijack was down to flaw

The social-networking site has said no user data was in danger when almost 300 user groups were taken over by privacy campaigners
Written by Tom Espiner, Contributor

Facebook has denied that a hijack of almost 300 of its groups was due to a security vulnerability, or has endangered any of its users' data.

A spokesperson for the social-networking site said in a statement on Tuesday that no hacking was involved in the hijack.

A group called Control Your Info had been taking control of Facebook user groups in an effort to draw attention to privacy issues.

The group said it had done a Google search to find Facebook groups lacking an administrator. It then joined 289 of those groups, and changed the picture, name and description of the group, to draw attention to potential privacy issues.

"We have seen too many examples where friends and relatives of ours have suffered from their lack of in-depth knowledge concerning their online presence," said the group in a blog post. "People have even lost their jobs over Facebook content. We wanted to do something about this."

A post on one of the hijacked groups read: "We could rename your group and call it something very inappropriate and nasty, like 'I support paedophile's rights'. But have no fear — we won't."

However, Facebook on Tuesday denied that any of its members had been in danger.

"Group administrators have no access to private user information and group members can leave a group at any time," said the Facebook statement. "For small groups, administrators can simply edit a group name or info, moderate discussion, and message group members."

Facebook said that for large groups, the names cannot be changed, and all members cannot be sent a message.

"In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups," Facebook added.

Some group members did not appear to support Control Your Info's actions. Michael Sixtus posted a message on his group's board describing the privacy campaigners as "ethical hacking net nannies".

Facebook has been the target of hack attacks in the past, including an attack that targeted users with the Zeus banking Trojan.

Editorial standards