If you're a regular user of Facebook (who isn't these days?) you have probably joined up with your share of groups. Facebook groups are sort of like a combination of club and petition, except for being totally useless and so flooded with spam as to be unsuited for anything but a novelty. As you can probably tell, I'm not a big fan of them. Well, today it looks like my distaste for Facebook groups was reasonable after all. It turns out they're incredibly vulnerable to the actions of assholes with a tiny bit of knowledge.
Loose Wire Blog reports that over 300 different Facebook groups have been taken over today by a group called Control Your Info. Here's a link. Some folks are calling this a 'hack', but that's not really true. The groups were hijacked by way of an existing, perfectly legal and transparent feature within Facebook. All the 'hacker' did was search for groups where an admin had left, and then join as an admin. This gave them the ability to change the name of the group. Once they had control, they left this note:
"Hello, we hereby announce that we have officially hijacked your Facebook group. This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severely. For example we could rename your group and call it something very inappropriate and nasty, like 'I support pedophile's rights'. But have no fear - we won't. We just renamed it Control Your Info. Because this is really all we want:"
The message then goes on to urge people to take an interest in their security when it comes to social media. They warn that Facebook has many vulnerabilities, and state that users need to be keyed into that and aware of the risks. The hijacker promises to restore all groups back to their original state at the end of a week.
These guys (or this guy?) have my support. They've exposed a major vulnerability in a popular utility without exploiting or harming anyone. Sure, their tactics were a bit theatrical, but how else were they supposed to drive the message home to people? Maybe now people will realize how much of their image they put at risk by trusting sites like Facebook implicitly.