Feeds

Facebook deletes hacked Pages, destroying years of work

'Why won't it do what it says on the help page?'

5 things you didn’t know about cloud backup

Businesses and individuals using Facebook Pages are getting booted off their fanpage with no way back on, and it's costing some of them money.

Typically, the administrator tries to access the Page, only to discover that someone else has managed to get admin privileges and then deleted their admin status.

Because they are no longer an admin of the Page, they have no standing with Facebook and no way of getting rid of the usurper and are usually told by the social network that the only option they have is to report it as "infringing or violating their rights" so that it will be deleted. But for many users, this is a difficult option to swallow after months, or even years, spent building up their fanbase.

Ali Naqvi, owner and director of 123vouchercodes.co.uk, lost his Page around three months ago at great cost to his business.

"We had 6,000 fans who were genuine followers interested in our updates and clicking away. The clicks brought in about 10 to 15 per cent traffic every month," he told The Reg. "My webpage does about 50,000 unique visits a month – it's not huge, but at the same time, whatever traffic is there, 10 to 15 per cent is a big chunk of that."

After months of trying to get help from Facebook, Naqvi has resorted to starting a new Page, but it's not a solution he's happy with.

"I've actually started a new Page already, but the take-up is slow," he said. "I spent two years building the 6,000 fan base and I've just started now so it's only a couple of hundred on there. It's not the same, it's not going to bring the same amount of traffic."

Many users believed that the original creator of the Page could never be removed as administrator, as stated in its own help pages, but Facebook denies this.

A Facebook spokesperson told The Reg that original administrators could be removed, adding that this had benefits for businesses because they could delete people who had left the company.

Graham Cluley, senior technology consultant at Sophos Security, said this presented serious risks for businesses using Pages.

"I'm sure there are many people who run Facebook Pages who take the help page's word [on original creators] at face value, and believed it to be a safety net should anything ever go wrong. I certainly believed it to be true, which is why I was so surprised when I tested it for myself to find how simple it was to kick out the original admin," he said.

Without that safety net, someone outside the company could convince an administrator to give them access for marketing purposes or some other service and then take control of the Page, or any legitimate additional admins could have their computer hacked, resulting in everyone getting kicked off the Page, Cluley added.

"If you run a Page with a lot of fans that's a big problem – both for the fans (who might receive spam, malicious messages etc) and for your firm's brand," he said.

Other users who have lost their Pages have taken to the forums to vent their frustration at the lack of help from Facebook, and at the oft-quoted phrase from company that Pages "cannot be hacked".

The spokesperson also said that Facebook Pages could not be hacked and said the only way they could be taken over was if the email and password login were found out somehow, for example through phishing – which might be a little too much like splitting hairs for a lot of users.

"As long as the current administrators of a group keep their login details secure, keep their account enabled, and do not allow any suspicious people to become admins, then the group or Page will remain secure," Facebook said.

Naqvi said he had little interest in how his Page was hacked, but he wondered why, if a hacker had his Facebook login details, they hadn't taken over his profile along with his Page.

Facebook's spokesperson also said the site had a "host" of advanced tools to help people stay in control of their accounts, including login notifications, which let you save the devices you use to access your account, and "recent activity", where you can look at your recent activity and remotely close open sessions.

"Unfortunately, Facebook is not able to reinstate people as an admin for any group or page so, as always, we advise people to practice good online security," they said.

But Cluley said he didn't understand why it should be difficult for Facebook to reinstate original admins.

"After all, they presumably have a log of who originally created a page," he said.  "Even if they aren't prepared to put in a system to do that – why can't they code Facebook to do what its help pages say it will do? Either block attempts to remove the original admin, or send a request to the original admin asking if they agree to be removed from their administrator role.

"That would surely help prevent hijacks like this one taking place." ®

Boost IT visibility and business value

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE accused of silencing customer gripes on social media pages
Hello. HELLO. Can EVERYTHING EVERYWHERE HEAR ME?!
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
Broadband slow and expensive? Blame Telstra says CloudFlare
Won't peer, will gouge for Internet transit
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?