The E-Commerce Pro, The E-Commerce Professional | E-Commerce News

Facebook flaw enables hijacking of Facebook Pages

Wednesday September 7 2011

IT security firm Sophos has made a video demonstrating just how easy it is to hijack a Facebook 'Page', due to a loophole in the social network's settings.

Facebook Pages are an important part of many businesses' marketing activities. Brands such as Coca-Cola, Victoria's Secret and Starbucks have millions of Facebook fans signed up to their Pages. Anyone can create a Facebook Page, and popular Pages will likely require a number of additional co-administrators to help run them.

While the onus is on Facebook Page creators to be careful about who they grant admin access to, it is possible for newly appointed administrators to hijack the Page, removing the original creator's admin rights - effectively taking permanent control of the Page.

Facebook's own help pages state that "the original creator of the Page may never be removed by other Page admins"; however, a video from Sophos proves that this is not the case.

"There are two issues here.  Even if a trusted friend or colleague is working as an administrator on a Facebook Page, it is possible that their account may be compromised, giving the bad guys a chance to hijack the Facebook Page you've created," said Graham Cluley, senior technology consultant at Sophos.  "The other possibility is that the Page founder grants a stranger admin rights to the Page. While this might not sound like the best idea, there are several services, such as Fiverr, where you can find plenty of people offering to help you to maximise the success of your Facebook Page."

"If you give a cut-price 'social media expert' admin rights to your Facebook Page, you really only have yourself to blame if you're ousted," continued Cluley.  "However, the question is - why can't Facebook do what its help pages say it will do - either block attempts to remove the original admin, or send a request to the original admin asking if they agree to be removed from their administrator role.  That would surely help prevent hijacks like this taking place."
