No Hacking Required: Group Gets Control Of Facebook Sites

The breach was first reported by the blog Loose Wire.

Facebook, in a statement, was careful to assert the action taken by Control Your Info was not a hijacking of those Groups, because the Groups had no administrators to hijack.

According to Control Your Info, it simply found -- through a simple Google query -- which Facebook Groups had no administrator. It then logged into the Groups as their administrator.

Once it became administrator, Control Your Info had carte blanche over settings and data in the groups. "We chose to change the picture, the name and the description of every group," wrote Control Your Info on its blog.

The organization posted this note on the affected Group sites:

Hello, we hereby announce that we have officially hijacked your Facebook group.

This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severly. [sic]

For example we could rename your group and call it something very inappropriate and nasty, like "I support pedophile's rights". But have no fear - we won't. We just renamed it Control Your Info. Because this is really all we want:

Think about the safety in your social media life to the same extent you do in your real life.

Watch the videoclip for more information or check out www.controlyour.info for more tips soon!

We promise to restore your group name and leave the group by the end of next week. Don't worry - we won't mess anything up.

Best regards

/controlyour.info

Of course, that broke the social networking site's code of conduct.

"During the process we broke the terms of service, as defined in the Statement of Rights and Responsibilities of Facebook, and were rightfully banned," wrote Control Your Info on its blog.

Control Your Info seems to have perpetrated the takeover as a public service. At the very least, it has generated quite a bit of buzz about Facebook's privacy holes -- again.