Sophos Video demos to hijack Facebook Pages
Sophos has made a video demonstrating how easy it is to hijack a Facebook Page, due to a loop hole in the social network's settings. While the onus is on Facebook Page creators to be careful about who they grant admin access to, it is possible for newly appointed administrators to hijack the Page, removing the original creator's admin rights - effectively taking permanent control of the Page.
Facebook's own help pages state that 'the original creator of the Page may never be removed by other Page admins'; however Sophos video proves this may not be the case.
Graham Cluley, Senior Technology Consultant, Sophos said, "There are two issues here. Even if a trusted friend or colleague is working as an administrator on a Facebook Page, it is possible that their account may be compromised, giving the bad guys a chance to hijack the Facebook Page you've created. The other possibility is that the Page founder grants a stranger admin rights to the Page. While this might not sound like the best idea, there are several services, such as Fiverr, where you can find plenty of people offering to help you to maximize the success of your Facebook Page."
Cluley added, "If you give a cut-price 'social media expert' admin rights to your Facebook Page, you really only have yourself to blame if you're ousted. However, the question is - why can't Facebook do what its help pages say it will do - either block attempts to remove the original admin, or send a request to the original admin asking if they agree to be removed from their administrator role. That would surely help prevent hijacks like this taking place."