Rogue group hijacks hundreds of Facebook groups for your own good

Despite well-known privacy leaks and rampant availability of sensitive personal data, Facebook remains hugely popular.

Lulled into a precarious sense of security by friends locking accounts, most people feel fairly comfortable sharing information they might not otherwise like to see on the front page of The New York Times. (One of the litmus-tests for information sharing on the internet, that or “would you like to see it in your grandmother’s inbox?”) A common Facebook function for many users seems to be the practice of joining any and all groups that cross their news feeds, from “Celebrities I’d Like To Hit in the Face With a Bag of Doorknobs” to “I couldn’t give a flying f**k about what you’re up to on Farmville.”

Today, many users woke up to find the following message posted on the “walls” of groups taken over by Control Your Info, who state that the mass-hack was “strictly not for profit and done for a good cause.” (It did get their name in the news, though.)

Hello, we hereby announce that we have officially hijacked your Facebook group.

This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severly.

For example we could rename your group and call it something very inappropriate and nasty, like “I support pedophile’s rights”. But have no fear – we won’t. We just renamed it Control Your Info. Because this is really all we want:

Think about the safety in your social media life to the same extent you do in your real life. Watch the videoclip for more information or check out www.controlyour.info for more tips soon!

We promise to restore your group name and leave the group by the end of next week. Don’t worry – we won’t mess anything up.

The loophole which allowed the group to gain administrative access to Facebook groups exists in groups in which the administrator has since jumped ship. Anyone belonging to a group without an admin can appoint themselves in charge of the group and then change the group name, contact members, and so on. While it’s unlikely to be the end of life as you know it, it’s certainly something to think about.

Facebook has commented on the matter and denied groups had been hijacked, asserting that no sensitive data had been compromised. The spokesman also addressed concerns with large groups and cleanup of the affected groups, many of which remain “hijacked”:

“The names of large groups cannot be changed, nor can anyone message all members,” he said. In cases where Facebook finds that a group name has been changed inappropriately, it will disable those groups, which is what it plans on doing in this case, he said.