Be Careful Your Facebook Page Can be Hijacked

Hi everyone. People are always asking, "Can my Facebook page be hijacked?" The answer is YES.

How Your Facebook Page Can Be Hijacked

Sophos, a security company, pointed out a few days ago that anyone you give admin rights to can delete the page creator from the list of administrators. So be very careful about giving anyone permission to be an administrator of your Facebook page.

While Sophos implies that Facebook would do well to add another security layer to the addition and deletion of page administrators, AllFacebook thinks that this is unnecessary, as current admins need to exercise good judgment before extending admin privileges to anyone else.

I have been following this topic from the beginning, and I noticed that Facebook changed the answer in its FAQ from “the original creator of the Page may never be removed by other Page admins.” (which is WRONG, as mentioned in the video embedded above) to “Every admin has equal access to and the same abilities as the other admins for a Page.” (which is now right).

In my view, what Facebook has done is good for now, since the FAQ now tells us about the abilities a new admin gets. But we still hope they give the page creator more control when it comes to adding a new page admin. For example, it would be really awesome if I, as page creator, could give a new admin limited abilities.

How to Avoid Being Hijacked as a Page Creator

As you now know, a newly appointed page admin can remove the Page’s creator, which can be terrible in many cases. Today, Facebook Pages are more than fun; they’re a serious part of business promotion, and losing administrative access to a Page can lead to a host of problems. The only solution we have is to be very careful about giving anyone permission to be an administrator of your Facebook page.

About 

I'm a blogger & Internet entrepreneur.

116 Comments

  1. This really relates to never sharing your passwords with other people. While I understand the reason you may want another admin on a site for updates, it's insecure if everyone has the same privilege level. Perhaps Facebook could further address this issue. Along the same security lines, never use the same password for all account logins.

    • Faissal Alhaithami

      Yeah! Never sharing the password is a good way to secure our pages from being hijacked. Thanks a lot for the comment!

  2. This is definitely a warning that everyone should heed. Bottom line, it comes down to strategically planning everything we do. Our business success depends upon it. We have to keep security on the top of our minds at all times.

  3. In fact there had to be creator and administrator levels of users, but Facebook administrators are equivalent to creators. Out of sheer curiosity I’d deleted all the users from one of the pages that made me administrator (I don’t know who the creator was and why they added me as administrator). And now that page is mine? None of them responded afterwards and I guess that page is dead now. ;-) Funny security setting indeed.

    Now because of this feature you can’t outsource the management of Facebook pages, or you should sign a bond first before handing over the admin status to anybody, isn’t it?

    • Hi Suresh, unfortunately Facebook will not look at any bond between you and the new admin. Simply don’t give admin access to anyone, except a person you trust very much :)

      Thanks for the comment.

  4. Thanks for sharing this useful Info!!!!

    We should be serious about this, because from my point of view, if we do not take all these things seriously, it could prove very costly for us; we could even lose many options to earn money with one of the great social media sites.

  5. Oh, that is really terrible news. Now we have to be very careful before giving anyone the admin permission…
    I think Facebook should also work on this issue. When it is clearly mentioned in the rules that other admins cannot remove the page creator, then how come the other admins are removing the page creator? It is a serious offense on Facebook’s part…
    Facebook should not write or promise anything that they cannot fulfill…

    • As I mentioned in the article, Facebook has changed it. Here is a quote:

      “Facebook changed the answer on the Facebook’s FAQ from “the original creator of the Page may never be removed by other Page admins.” which is WRONG as mentioned in the video embedded above to “Every admin has equal access to and the same abilities as the other admins for a Page.” which is now right.”

      Thanks for the comment.

  6. craig sowerby

    Hi Faissal,

    Just goes to show that we all need to be very careful who we give access to help with our accounts. This should be with all accounts, not just Facebook.

    It is essential that we know who we are dealing with when it comes to outsourcing and getting other people to manage our projects

    Craig

  7. As a personal policy, I never give anyone admin level clearance on any of my sites, even if they are an admin.

    That’s just dangerous…especially if you tick them off right before they quit.

    Just saying…

    Mark

  8. MegB

    This is something we really need to take care of, as it concerns the security of our hard work and business.

    Thanks a lot for this.

  9. Wow, I had no idea… Although it’s not hard to imagine hackers thinking of this one.

    Thanks for the heads-up, Faissal.

    Ana

  10. This whole issue is what makes me wary of investing tons of time, money, and content in a third party site you don’t have control over vs your own domain. You can permanently lose your Facebook page.

  11. Hi Faissal, it’s really no different than allowing guest posts. Once you give someone access, even as an author, they can do damage: delete comments, embed harmful code, etc. It’s important to trust the people we allow access to our livelihood.

  12. Great Article Faissal! Although I do think EVERYONE should have a 2nd admin (should you ever get locked out of your page) it is also important as you said to be careful who we give access to.

    • Faissal Alhaithami

      Yeah, I do think the same! I always encourage having more than ourselves as admins for the reason you mentioned! As for me, I gave admin access to my brother, who is the person I can trust the most.

      Thanks for the great comment, Joshua.

  13. Thanks for this alerting post. I never thought about such tactics from hackers. Keep on sharing more such alerts and helpful posts.

  14. Hi Faissal. Thanks for sharing this. For now, I believe that I am a bit in the clear about this issue, but it certainly is good to know that Facebook sadly does not provide additional layers of protection for admins. This is good info because I do have some clients that provide access to their pages for management purposes. They should know that the only way to prevent things like this from happening is by being careful. Not much of a comfort there, but that’s it :)

  15. To be honest while it’s a bit of an oversight on Facebook’s part it’s not that bad.
    You don’t give Admin control of something like that to someone you can’t trust.
    Even if they couldn’t delete the account someone with malicious intent will always be able to do damage if it’s even simply being rude to your fans.

  16. Thanks for the warning, especially if you plan to have someone run the Facebook/social media side of your business. Perhaps Facebook can put in some other profile types that don’t allow full administrator access to your page. Something like WordPress’ contributor or editor would be nice to have.

  17. Great wake up post here!

    I would never share a password with anyone and if I think it is compromised then I change it asap…

    I have had entire websites hacked before and have learned valuable lessons.

    In regards to Facebook though, I am very worried about anyone that shares their password. For example, children think it is funny to share their password on Facebook and let their friends pretend to be them. This has nothing to do with owning a website, but it has a lot to do with impersonating someone.

  18. Demi

    I know this because it happened to me. But thanks to this post I now know a little bit more on how to protect my facebook page.

  19. I think one should be careful of all these 3rd party apps and things they allow access to. Many are legit, but you really should think twice before allowing them, same with Twitter or any other.

  20. Hey Faissal,

    Thanks for the information. I always thought that the original admin can’t be removed, as I understood from Facebook help. Gosh, I was wrong, and it is so dangerous to pass on the admin right to other people, who can eventually remove you as the admin.

    Cheers,
    Ming

  21. Thanks so much for this heads-up, Faissal! That was a sure eye-opener. It’s really important to really be careful on who to trust with admin privileges like these not just in Facebook, but in other social media sites as well.

  22. Jenny

    After I read this blog, it made me think I should check some of my domains; maybe they’ve got some errors… Thanks for the post, very appreciated…

  23. eva

    Very informative and helpful post. You have good command on the topic and have explained in a very nice way. Thanks for sharing.

  24. Thanks for the tips! I suggest that the owner of the page should be the only one with admin privileges. If he decides to assign the admin right to someone else, then it might as well be someone that he really knows and someone that he can entrust his passwords with.

  25. Thanks for the information. Prevention is better than cure, so it is better not to give admin privileges to anyone else unless you are dead sure about him/her.

  26. Facebook should implement more user levels when it comes to Facebook pages, like user, moderator, administrator and, most important, Owner. Or at least Owner and administrator, making it a little bit more complicated to switch ownership.

  27. Faissal – I never thought of facebook hacking in this way! I guess it goes to show that you just need to be REALLY careful with who you give admin rights to on any page, because they could turn around and use it for something bad!!

  28. I never really thought of this since I am the only administrator of my page, so this is very enlightening. Going forward, I will limit the access I give to others on all my social sites and blogs.

  29. Very interesting video. Facebook pages, being particularly used for branding, need to be secured enough. After this post, I don’t think giving admin rights to someone is a good idea.

  30. This is very important to know, and yes, I will never grant admin rights to anyone. Good sharing and thanks for it. I have heard and read a lot about FB usage. I hope that the FB administration will be looking to solve this.

  31. The best way to secure pages for page creators is to make those people admin who they know personally and who are really trustworthy. Why risk your page by making them admin whom you hardly know?

  32. I’ve been using Facebook fan page Common Craft videos since their inception to educate our teams about the changing digital world. Everybody loves them and they’re the gold standard as far as we’re concerned.

  33. Thanks Faissal for sharing. Yeah, unfortunately Facebook has been struggling with their security since their existence, apparently. There are other tricks you can actually do to hijack a page, or an account for that matter; unfortunately, these tricks are widely popular among black hats and not very hard to implement. A script kiddie would be able to point to an account and get it hacked within a day or two.

    I actually wrote a couple of posts on how seriously ill Facebook security is, fortunately, just recently (specifically after the introduction of Google+), Facebook started to take their security more seriously than what they used to, many of those security holes were fixed, they still however have a long way ahead.

    • Wow!!! I thought this was the only security hole that Facebook has. It’s unfortunate to see the biggest social networking site struggling to get their security to the next level. We hope they will move forward in terms of security.

      Thanks Mohamed for the great comment!

  34. I strongly believe in prevention and I also think that if you want something done, you must do it yourself.

    I know about this Facebook setting, so I never give admin to anybody else on my pages. It makes it a bit harder to follow everything that happens there, but at least I don’t worry about it being destroyed.

  35. I would love a feature allowing the creator of the page to give limited power to other people, just like in WordPress. I wonder why, for all the money they have, Facebook does not have this feature yet.

  36. Download VMware Player and install it.
    Define a virtual machine using a LiveCD with Kiwi Linux (no Linux knowledge needed).
    Access your website or Facebook account only from the virtual machine.
    Because it is a live distribution, it cannot be compromised.

  37. You can avoid this by frequently changing your Facebook page password. One security feature in Facebook is that you have to give a machine name, so that it can be traced via IP address.

  38. I am not sure that’s an issue. Facebook included the opportunity of getting rid of the unique administration since at least 1 season, and offer all staff the same advantage. Consider you are a web agency and you have make the facebook Website of your customer, and your objective is over.

  39. Yes, Facebook pages are not just fun; they have become an integral part of our business. It’s very bad if our page gets hijacked. Thanks for the awareness.

  40. Just in the last 2 weeks my friends’ Facebooks have been hacked. This freaks me out because I have so many programs that are linked to my Facebook. I log into them through Facebook. I need to take precautions not only to protect my Facebook but all the apps that are connected to it.

  41. This is a huge limitation. There are people I trust to add to the page, but the problem is what happens if their Facebook account gets hacked? If they are less sophisticated users, then there is the potential for phishing attacks on them that have a higher likelihood of success.

    So even if I fully trust another person to be an admin, I still have to worry about their account getting hacked and having the hacker take over my page. There is just too huge of an investment in my business page for me to risk that.

  42. My Facebook page was hacked last week and I still don’t have access to years of family pictures and history. Now, to top it all off, the hacker has contacted me demanding money if I want the account returned. Meanwhile, Facebook does nothing! I created a petition on change.org to push Facebook into action. They make billions from our personal information and now we demand they help us when it has been compromised while using their product. Please go to change.org and sign my petition so we can send a message! Here is a direct link to the petition:
    http://www.change.org/petitions/facebook-make-facebook-do-its-part-to-end-online-identity-theft-now
