Facebook Says Hijacked Groups No Threat to Confidential Data

Facebook confirms that a group called Control Your Info seized control of some Facebook groups. According to Facebook, no hacking is involved and no confidential data is at risk. As many as 200 groups are reported as being under the power of Control Your Info.

An anonymous group going by the name Control Your Info hijacked hundreds of Facebook groups Nov. 10 to put a spotlight on the social networking site's security.

Control Your Info seized control of the Facebook groups and renamed each Control Your Info. On the wall of every group was a message stating that it had been hijacked and that members should be careful with their personal information on social networks.

"Hello, we hereby announce that we have officially hijacked your Facebook group," the message reads. "This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image [severely.]"

To read about a scheme to use Facebook to relay commands to a Trojan, click here.

According to Facebook, the groups that were "hijacked" were abandoned by their previous administrators, allowing anyone who is a member to assume that role.

"There has been no hacking and there is no confidential information at risk ... Group administrators have no access to private user information and group members can leave a group at any time," a Facebook spokesperson said. "For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members."

If a group has been changed inappropriately, the group will be disabled, the spokesperson said.

On the Control Your Info site, the group said it is trying to spread awareness of social networking security issues.

"When you're admin of a [Facebook] group, you can basically do anything you want with it," said a message on the site. "You can change its name, and the group's members won't even get a notification of it. You can send mails to all members and edit info.

"If you [choose] to express yourself on the Internet, make sure the expressions are your own and not a spammer's," the message continued. "[These aren't] some kind of scare tactics, nor is it a hack, it's a feature that can be used, and is being used, in bad ways. Remember, control your info!"

Facebook said it is continuing to investigate the incident.