Feeds

Facebook deletes hacked Pages, destroying years of work

'Why won't it do what it says on the help page?'

Secure remote control for conventional and virtual desktops

Businesses and individuals using Facebook Pages are getting booted off their fanpage with no way back on, and it's costing some of them money.

Typically, the administrator tries to access the Page, only to discover that someone else has managed to get admin privileges and then deleted their admin status.

Because they are no longer an admin of the Page, they have no standing with Facebook and no way of getting rid of the usurper and are usually told by the social network that the only option they have is to report it as "infringing or violating their rights" so that it will be deleted. But for many users, this is a difficult option to swallow after months, or even years, spent building up their fanbase.

Ali Naqvi, owner and director of 123vouchercodes.co.uk, lost his Page around three months ago at great cost to his business.

"We had 6,000 fans who were genuine followers interested in our updates and clicking away. The clicks brought in about 10 to 15 per cent traffic every month," he told The Reg. "My webpage does about 50,000 unique visits a month – it's not huge, but at the same time, whatever traffic is there, 10 to 15 per cent is a big chunk of that."

After months of trying to get help from Facebook, Naqvi has resorted to starting a new Page, but it's not a solution he's happy with.

"I've actually started a new Page already, but the take-up is slow," he said. "I spent two years building the 6,000 fan base and I've just started now so it's only a couple of hundred on there. It's not the same, it's not going to bring the same amount of traffic."

Many users believed that the original creator of the Page could never be removed as administrator, as stated in its own help pages, but Facebook denies this.

A Facebook spokesperson told The Reg that original administrators could be removed, adding that this had benefits for businesses because they could delete people who had left the company.

Graham Cluley, senior technology consultant at Sophos Security, said this presented serious risks for businesses using Pages.

"I'm sure there are many people who run Facebook Pages who take the help page's word [on original creators] at face value, and believed it to be a safety net should anything ever go wrong. I certainly believed it to be true, which is why I was so surprised when I tested it for myself to find how simple it was to kick out the original admin," he said.

Without that safety net, someone outside the company could convince an administrator to give them access for marketing purposes or some other service and then take control of the Page, or any legitimate additional admins could have their computer hacked, resulting in everyone getting kicked off the Page, Cluley added.

"If you run a Page with a lot of fans that's a big problem – both for the fans (who might receive spam, malicious messages etc) and for your firm's brand," he said.

Other users who have lost their Pages have taken to the forums to vent their frustration at the lack of help from Facebook, and at the oft-quoted phrase from company that Pages "cannot be hacked".

The spokesperson also said that Facebook Pages could not be hacked and said the only way they could be taken over was if the email and password login were found out somehow, for example through phishing – which might be a little too much like splitting hairs for a lot of users.

"As long as the current administrators of a group keep their login details secure, keep their account enabled, and do not allow any suspicious people to become admins, then the group or Page will remain secure," Facebook said.

Naqvi said he had little interest in how his Page was hacked, but he wondered why, if a hacker had his Facebook login details, they hadn't taken over his profile along with his Page.

Facebook's spokesperson also said the site had a "host" of advanced tools to help people stay in control of their accounts, including login notifications, which let you save the devices you use to access your account, and "recent activity", where you can look at your recent activity and remotely close open sessions.

"Unfortunately, Facebook is not able to reinstate people as an admin for any group or page so, as always, we advise people to practice good online security," they said.

But Cluley said he didn't understand why it should be difficult for Facebook to reinstate original admins.

"After all, they presumably have a log of who originally created a page," he said.  "Even if they aren't prepared to put in a system to do that – why can't they code Facebook to do what its help pages say it will do? Either block attempts to remove the original admin, or send a request to the original admin asking if they agree to be removed from their administrator role.

"That would surely help prevent hijacks like this one taking place." ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
Trans-Pacific: Google spaffs cash on FAST undersea packet-flinging
One of 6 backers for new 60 Tbps cable to hook US to Japan
Tech city types developing 'Google Glass for the blind' app
An app and service where other people 'see' for you
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.