Posted by: Nasreen on Sep 06, 2011
If you create a Facebook Page and add an administrator to it, this individual can remove you from your own Page. There is much debate about this, as it may seem like a flaw but other reports say it is a feature, and some may argue that the admin has the right to do this.
This recent Facebook security flaw or feature allows Page administrators to remove original Page creators from the admin status, therefore not giving them access to the page anymore. So in other words, Facebook effectively enables new administrators to hijack Pages.
In June last year, it was reported that Facebook had finally made it possible for any admin on a company or brand’s Facebook page to delete the original ‘owner’ associated with that particular account. But this has caused people to question whether it is a good idea, as it opens up a Facebook Fan Page to being hijacked, with the original creator left out in the dark.
Graham Cluley, Senior Technology Consultant at Sophos, has posted a piece on the security blog, Naked Security, highlighting the issue of Facebook fan pages being hijacked. Whilst the blog post suggests it’s a security flaw rather than a deliberate feature, it does still raise some valid concerns. For example, what if you give admin rights to someone who later deletes the original owner like a company founder or a music artist, and all other admin people, and takes unofficial control of the Facebook Page?
On the other hand, one could argue that this is working as intended. If the creator of a Facebook Page lets someone else in as admin, they should have equal administrative rights. However, on Facebook’s FAQ it clearly states that “the original creator of the Page may never be removed by other Page admins.” So it’s either this needs to be updated and let people know that it is a feature, or it could be a flaw on Facebook’s side as they could not be aware of this.
In the video below, it shows how a newly appointed Page admin can remove the Page creator’s admin status, which can be very nasty in certain cases. Today, Facebook Pages are more than fun, they’re a serious part of business promotion and losing administrative access to a Page can lead to host of problems.
The Facebook discussion thread below suggests the confusion it has caused. In response to several people stating they’d lost ‘ownership’ of their account, Phill Grove states:
“The same happened to me on Sunday and this is a wide spread problem and the official Facebook response is that they WILL NOT change admins back but they can delete the page. We have built a business on Facebook and have spent over $18k growing our page and our database…”
Facebook has been notified about this issue which is causing much confusion, and I will update this post once it has been verified.
We all think of Facebook as a social network allowing for friends to keep in touch, a good way to market products or create awareness, but never think of the dangers involved. Have we ever stopped to read the terms and conditions on Facebook, or even the help page or security settings? I think it’s about time we started being cautious on the internet and not take anything for granted.