Feeds

Facebook deletes hacked Pages, destroying years of work

'Why won't it do what it says on the help page?'

Build a Business Case: Developing Custom Apps

Businesses and individuals using Facebook Pages are getting booted off their fanpage with no way back on, and it's costing some of them money.

Typically, the administrator tries to access the Page, only to discover that someone else has managed to get admin privileges and then deleted their admin status.

Because they are no longer an admin of the Page, they have no standing with Facebook and no way of getting rid of the usurper and are usually told by the social network that the only option they have is to report it as "infringing or violating their rights" so that it will be deleted. But for many users, this is a difficult option to swallow after months, or even years, spent building up their fanbase.

Ali Naqvi, owner and director of 123vouchercodes.co.uk, lost his Page around three months ago at great cost to his business.

"We had 6,000 fans who were genuine followers interested in our updates and clicking away. The clicks brought in about 10 to 15 per cent traffic every month," he told The Reg. "My webpage does about 50,000 unique visits a month – it's not huge, but at the same time, whatever traffic is there, 10 to 15 per cent is a big chunk of that."

After months of trying to get help from Facebook, Naqvi has resorted to starting a new Page, but it's not a solution he's happy with.

"I've actually started a new Page already, but the take-up is slow," he said. "I spent two years building the 6,000 fan base and I've just started now so it's only a couple of hundred on there. It's not the same, it's not going to bring the same amount of traffic."

Many users believed that the original creator of the Page could never be removed as administrator, as stated in its own help pages, but Facebook denies this.

A Facebook spokesperson told The Reg that original administrators could be removed, adding that this had benefits for businesses because they could delete people who had left the company.

Graham Cluley, senior technology consultant at Sophos Security, said this presented serious risks for businesses using Pages.

"I'm sure there are many people who run Facebook Pages who take the help page's word [on original creators] at face value, and believed it to be a safety net should anything ever go wrong. I certainly believed it to be true, which is why I was so surprised when I tested it for myself to find how simple it was to kick out the original admin," he said.

Without that safety net, someone outside the company could convince an administrator to give them access for marketing purposes or some other service and then take control of the Page, or any legitimate additional admins could have their computer hacked, resulting in everyone getting kicked off the Page, Cluley added.

"If you run a Page with a lot of fans that's a big problem – both for the fans (who might receive spam, malicious messages etc) and for your firm's brand," he said.

Other users who have lost their Pages have taken to the forums to vent their frustration at the lack of help from Facebook, and at the oft-quoted phrase from company that Pages "cannot be hacked".

The spokesperson also said that Facebook Pages could not be hacked and said the only way they could be taken over was if the email and password login were found out somehow, for example through phishing – which might be a little too much like splitting hairs for a lot of users.

"As long as the current administrators of a group keep their login details secure, keep their account enabled, and do not allow any suspicious people to become admins, then the group or Page will remain secure," Facebook said.

Naqvi said he had little interest in how his Page was hacked, but he wondered why, if a hacker had his Facebook login details, they hadn't taken over his profile along with his Page.

Facebook's spokesperson also said the site had a "host" of advanced tools to help people stay in control of their accounts, including login notifications, which let you save the devices you use to access your account, and "recent activity", where you can look at your recent activity and remotely close open sessions.

"Unfortunately, Facebook is not able to reinstate people as an admin for any group or page so, as always, we advise people to practice good online security," they said.

But Cluley said he didn't understand why it should be difficult for Facebook to reinstate original admins.

"After all, they presumably have a log of who originally created a page," he said.  "Even if they aren't prepared to put in a system to do that – why can't they code Facebook to do what its help pages say it will do? Either block attempts to remove the original admin, or send a request to the original admin asking if they agree to be removed from their administrator role.

"That would surely help prevent hijacks like this one taking place." ®

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
Brit celebs' homes VANISH from Google's Street View
Tony Blair's digs now a Tone-y Blur
Virgin Media goes titsup AGAIN. The cause? Yet MORE DNS strife
ISP refuses to comment on why outages keep happening
10Gbps over crumbling COPPER: Boffins cram bits down telco wire
XG-FAST tech could finesse fiber connections
What the world needs now is... a Bluetooth-enabled baby's dummy
Oh NO! Temp-sensor pacifier just got dunked in my tea
BT slapped down by BSkyB over O2 broadband 'switch off' porkies
Ad watchdog tells one-time state monopoly to behave
Islamic terror peril hits US giants' phone wallets
'We have made the decision to rebrand' says ISIS Isis
Do your execs take mobile security seriously?
Situation, tactics and air cover
BlackBerry knocks Google's KNOX LOCK PICK for Android
John Chen disses Samsung's security solution
Silent Circle takes on Skype, Viber, mobile telcos with crypto-VoIP
But, hey ... we cut the roaming charges, mumble mobile carriers
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
The Power of One Brief: Top reasons to choose HP BladeSystem
Download this brochure to find five ways HP BladeSystem can optimize your business with the power of one.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.