Facebook denies hacking of its user groups

11 Nov 2009

Social-networking giant Facebook has denied that hundreds of groups on its website have been hacked by an anonymous group known as ‘Control Your Info’, seeking to expose a security loophole.

‘Control Your Info’ claimed to have exploited a security vulnerability in Facebook by hijacking hundreds of groups and has left messages on these groups’ pages.

It said that taking control of the Facebook groups allowed it to change the name of the group, bombard members with messages and edit their details.

It said it has no intention of misusing the data but wants to raise awareness of the dangers of the loophole it has found.

‘Control Your Info’ said that if the administrator of a Facebook group leaves, any user can appoint themselves as a replacement.

“This means we control a certain part of the information about you in Facebook. If we wanted, we could make you appear in a bad way which could damage you severely,” ‘Control Your Info’ said in its message.

Facebook responds

However, Facebook has denied that such a loophole has been exploited.

“There has been no hijacking and there is no confidential information at risk,” the company stated. “The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group.

“Group administrators have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members.

“The names of large groups cannot be changed nor can anyone message all members. In the rare instances when we find a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups,” Facebook said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years