Activists hijack 300 Facebook groups

Posted at 11/12/2009 11:30 AM | Updated as of 11/12/2009 11:30 AM

SAN FRANCISCO - Activists claimed to have seized control of nearly 300 Facebook community groups in a self-proclaimed effort to expose how vulnerable online reputations are to tampering.

A group called "Control Your Info" (CYI) claimed credit for commandeering 289 Facebook groups, saying it was simple to get into poorly-protected administrative settings at the website.

"This is just one example that really shows the vulnerabilities of social media," said a blog post at controlyour.info.

"If you chose to express yourself on the Internet, make sure the expressions are your own and not a spammers. This isn't some kind of scare tactic, nor is it a hack, it's a feature that can be used, and is being used, in bad ways."

CYI claimed its motives were pure and that the move was more of a "take-over" than a computer hack of Facebook groups.

Facebook Groups are themed chat venues that users of the social networking service can join to socialize online with people who share interests.

"Facebook Groups suffer from a major flaw," said a message on the CYI blog.

"If an administrator of a group leaves, anyone can register as a new admin. So, in order to take control of a Facebook group, all you really have to do is a quick search on Google."

Once CYI accessed groups as administrators it had authority to change anything, including pictures, descriptions and settings.

CYI fired off messages to the groups telling them they had been "hijacked" and the justification for the attacks. CYI rechristened each group with its name and logo.

CYI promised to restore the violated groups to their original conditions after it makes its point.

"Our main goal is to draw attention to questions concerning online privacy awareness," CYI said. "People have even lost their jobs over Facebook content. We wanted to do something about this."

Facebook said there was no hacking involved and there was no confidential information at risk.

The groups targeted had been abandoned by their owners, which left doors open for group members to make themselves administrators.

"Group administrators have no access to private user information and group members can leave a group at any time," Facebook said.

"In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups."