Share
All of the recent panic over the “Hundreds of Facebook groups” allegedly hacked are nothing more than a design flaw on Facebook that was publicly pointed out. However, when the masses see the words hacker, hacking, or hacked, they sometimes jump the gun, and little things get blown completely out of proportion. Facebook wasn’t hacked, and no one was at risk.
Facebook groups were not hacked and no one is at risk.
Control Your Info (CYI), a group that exists to “draw attention to questions concerning online privacy awareness,” performed a few Google searches and discovered several Facebook groups without administrators. Thanks to the nature of the Facebook group system itself, if there is no administrator present, anyone can join and make themselves an administrator. This is what CYI did. They used the Google search, and with the results, managed to make themselves administrators on 289 open groups.
This is not hacking, and the people who do it are not hackers in the criminal sense, or the ethical sense for that matter. Before CYI pulled their stunt this morning, several groups had been taken over in the past by using the same methods. While the motive for the past takeovers is unknown, the recent CYI actions were little more than a wakeup call for those on Facebook or any other social network who blindly trust the platform itself and hold a false expectation of privacy. The truth is, unless you actively define your privacy settings on Facebook, you have very little protection. This is true for almost any social platform online.
“Our method of choice only serves the purpose to prove our point and put emphasis on how easy it is to lose track of a part of your online presence. If we wouldn’t have communicated this way, our message would probably have fallen into oblivion the moment it got out,” said Control Your Info in a statement.
“We did not hack anything. Once we were administrators we owned the groups and could have changed any setting. We chose to change the picture, the name, and the description of every group. Our intention was and is to restore these groups to their original form and find a suitable admin among the members. To be able to do this, we first backed up all the data we wanted to replace.”
Of the hundreds of groups tagged thanks to the Facebook flaw by design, only 39 were still carrying the CYI logo at the time this article was written. The overall point, as the CYI statement mentioned, was to show the risks associated with trust in social media. While all they did was target open groups, if they had wished, they could have gone in a completely different direction. They could have gone down a malicious route instead of altering images and posting to walls.
Imagine if a group administrator released an application that sucks up personal information or spreads malicious code. If the group is large enough, you could call the attack successful even if only a small percentage fell for it. Millions of people are exploited monthly, thanks to criminals turning a trusted source against them. “This isn’t some kind of scare tactics, nor is it a hack, it’s a feature that can be used, and is being used, in bad ways,” CYI said.
Facebook has issued statements that no personal information was compromised, anyone who looked at what happened with the groups was already well aware of this fact however. What Facebook has not said is whether they will fix the settings within the group properties to prevent similar hijackings in the future. For now, they are investigating the incident they say.
As to the actions of CYI, “Feel free to form your own opinion,” they said.
Tell us, what are your opinions of this issue? Was it overblown? Do you think what CYI did was reasonable or out of line?
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story