How Your Facebook Page can be Hijacked
Sophos a security company pointed out few days ago that anyone you give admin rights, can delete the page creator from the list of administrators. So be very careful about giving anyone the permission to be an administrator for your Facebook page.
Facebook would do well to add another security layer to the addition and deletion of page administrators, AllFacebook thinks that this is unnecessary. As current admins need to exercise good judgment before extending admin privileges to anyone else.
As I was following this topic from the beginning I have noticed that facebook changed the answer on the Facebook’s FAQ from “the original creator of the Page may never be removed by other Page admins.” which is WRONG as mentioned in the video embedded above to “Every admin has equal access to and the same abilities as the other admins for a Page.” which is now right.
In my point of view, the solution Facebook has done is good for now as they noticed us on Facebook’s FAQ about the abilities that the new admin can get, but we still hope that they develop more abilities for the page creator when it comes for having a new page admin. For example, me as page creator can give a limited abilities for the new admin which will be really awesome.
How Can You Stay Away From Being A Page Creator Hijacked
As you know that a newly appointed page admin can remove the Page's creator, which can be very terrible in many cases. Today, Facebook Pages are more than fun, they’re a serious part of business promotion and losing administrative access to a Page can lead to host of problems. Furthermore, The only solution we have is to be very careful about giving anyone a permissions to be an administrator for your Facebook page.
This really relates to never sharing your passwords with other people. While I understand the reason you may want another admin on a site for updates its insecure if everyone has the same privilege level. Perhaps facebook could further address this issue. Along the same security lines never use the same password for all account logins.
yeah! never share the password is a good way to secure our pages from being hijacked. Thanks a lot for the comment!
Can’t really imagine if someone’s facebook page is being abused in that way..
it’s crazy! everyday a lot of people get hijacked by this way!
This is definitely a warning that everyone should heed. Bottom-line, it comes down to strategically planning everything we do. Our business success depends upon it. We have to keep security on the top of our minds at all times.
Shaerryl, security is a column that our businesses can’t stand without. Thanks for the comment 😉
why would people go to some lengths to sabotage some one trying to make it life
I would like to answer you question! if i know the answer 🙂
thanks anyway for the comment.
In fact there had to be creator and administrators level of users but Facebook Administrators are equivalent to creators. Our of sheer curiosity I’d deleted all the users from one of the page that made me administrator (I don’t know who the creator was and why they added me as administrator). And now that page is mine? None of them responded afterwards and I guess that page is dead now. 😉 Funny security setting in deed.
Now because of this feature you can’t utsource the management of facebook pages or you should sign a bond first before handing over the admin status to anybody, isn’t it?
Hi suresh, unfortunately facebook will not look at any bond between you and the new admin. Simply don’t give the admin access to anyone!! except a person you trust so much 🙂
Thanks for the comment.
Oh that is really a terrible news, now we have to be very careful before giving anyone the admin permission…..
I think Facebook should also work on this issue, when in the rules it is clearly mentioned that other admins cannot remove the page creator then how come it is that the other admins are removing the page creator, it is a serious offense in Facebook ‘s point……..
Facebook should not write or promise anything that they cannot fulfill……….
As I mentioned in the article that Facebook has changed it, here is a quote:
” facebook changed the answer on the Facebook’s FAQ from “the original creator of the Page may never be removed by other Page admins.” which is WRONG as mentioned in the video embedded above to “Every admin has equal access to and the same abilities as the other admins for a Page.” which is now right.”
thanks for the comment
Hi Faissall,
Just goes to show that we all need to be very careful who we give access to help with our accounts. This should be with all accounts not just face book
It is essential that we know who we are dealing with when it comes to outsourcing and getting other people to manage our projects
Craig
You got the point here! Facebook page isn’t a web page that we can get a daily of weekly backups 😀 if you lose it then you lose it 🙁
thanks for the awesome comment 🙂
As a personal policy, I never give anyone admin level clearance on any of my sites, even if they are an admin.
That’s just dangerous…especially if you tick them off right before they quit.
Just saying…
Mark
Good to know that you have no problem with this, but you know there are people who aren’t aware of this 🙁 and they are a lot.
thanks for the comment.
This is something which really need to take care lot as it concern to security of our hard worke and business.
Thanks a lot for this.
agree with you! losing our hard work in this way I call it careless :@
thanks for the comment.
It’s always better to think as many times as possible before making someone your’s page admin. Prevention is better than cure.
Priya, Thanks for the comment 🙂
Yeah , when it became a big win then when we lose it, it became a huge lost.
thanks a lot for your great comment.
“https” security option is for facebook personal profiles! thanks a lot.
I always use ‘https’ for every login to the FB and the fanpage! although it does not guarantee escape from hijackers, But I thought it was quite helpful.
Velli, the “HTTPS” secure access is very helpful for our personal profiles! and for as long as our personal profile is secure, the page will be secure too.
As you said all these security options will not save us from the hijackers because given the access to them is not a security port from facebook but it’s a careless from us.
thanks for the comment.
I definitely agree that it is best to use the https for managing both Facebook AND Twitter.
For anyone looking to do this on Facebook, you visit: http://www.facebook.com/settings?tab=security and enable Secure Browsing.
For anyone looking to do this on Twitter you visit: https://twitter.com/settings/account and check “Always use HTTPS” at the very bottom of the screen.
Anne thanks a lot for providing these links!!
Wow, I had no idea… Although it’s not hard to imagine hackers thinking of this one.
Thanks for the heads-up, Faissal.
Ana
You welcome! hijackers always think in a way that people don’t imagine. Which makes it hard to understand how they hijack..
thanks for the comment..
This whole issue what makes me wary of investing tons of time, money, and content in a third party site you don’t have control over vs your own domain. You can permanently lose your Facebook page.
actually this isn’t a problem at all.. you need to follow facebook TOS and protect you account, then it will be impossible to lose it.
thanks for the comment.
As X-Files said “Trust No One”
Too much fraping from mates should teach you that.
Wow!! trust no one >>> Can be a good solution 😀 thanks!
Hi Faissal, It’s really no different than allowing guest posts. Once you give someone access, even as an author, they can do damage; delete comments, embed harmful code, etc.. It’s important to trust the people we allow access to out livelihood.
Brian, LOVE your example. Thanks a lot..
Thanks Faissal, I love your site.
LOVED YOURS TOO 😉
Great Article Faissal! Although I do think EVERYONE should have a 2nd admin (should you ever get locked out of your page) it is also important as you said to be careful who we give access to.
Yeah I do think the same! I always encourage to have more than our selves as an admins for the reason you mentioned! and for me I gave admin access to my brother which is the best person that i can trust.
thanks for the great comment, Joshua.
Thanks for this alerting post. I never think about such tactics from hackers. keep on sharing more regarding such alerts and helping posts.
I will be so happy to share more helping posts in the future! thanks a lot Reeha.
You are welcome Faissal.
Hi Faissal. Thanks for sharing this. For now, I believe that I am a bit on the clear about this issue but it certainly is good to know that FaceBook sadly does not provide additional layers of protection for admins. This is good info because I do have some clients that provide access to their pages for management purposes. They should know that the only way to prevent things like this to happen is by being careful. Not much of comfort there, but that’s it 🙂
Yeah! we hope facebook will develop some great features soon! thanks Ditesco.
To be honest while it’s a bit of an oversight on Facebook’s part it’s not that bad.
You don’t give Admin control of something like that to someone you can’t trust.
Even if they couldn’t delete the account someone with malicious intent will always be able to do damage if it’s even simply being rude to your fans.
yeah agree with you Mike! thanks a lot for the comment.
OMG this is crazy – I’d never give my admin rights out! Losing a page would be an awful loss! Thanks for the heads-up
you are welcome Sandip.
Thanks for the warning, especially if you plan to have someone run the Facebook/social media side of your business. Perhaps Facebook can put in some other profile types that don’t allow full administrator access to your page. Something like WordPress’ contributor or editor would be nice to have.
Lionel, I guess facebook will develop these functionality in the near future! I hope 😀
thanks for the comment 🙂
Great wake up post here!
I would never share a password with anyone and if I think it is compromised then I change it asap…
I have had entire websites hacked before and have learned valuable lessons.
In regards to Facebook though, I am very worried about anyone that shares there password. For example children think it is funny to share their password on Facebook and let their friends pretend to be them. This has nothing to do with owning a website, but it has a lot to do with impersonating someone.
You are so right, Mitz. Actually, It’s not wrong to make a mistake, it’s wrong to keep making it. I like your comment. thanks!
Never really thought about this to be honest, but after reading this a bit worried about my other admins 🙂 .
Hi Nishadha, make sure they are good to trust 😀
thanks for the comment.
I know this because it happened to me. But thanks to this post I now know a little bit more on how to protect my facebook page.
OPS!! sorry to hear that 🙁
don’t ever give up!! thanks for the comment.
I think one should be careful of all these 3rd party apps and things they allow access to. Many are legit, but you really should think twice before allowing them, same with twitter or any other.
yeah you are right!! thanks Ray for the comment!
Hey Faissal,
Thanks for the information. I always think that the original admin can’t be removed as I understand from Facebook help. Gosh, I was wrong and this is so dangerous to pass on the admin right to other people, who can eventually remove you as the admin.
Cheers,
Ming
yeah as you said it is dangerous!! Facebook as changed it now 😀 good to them!! but it’s still not for us lol^^
thanks for the comment!
Thanks so much for this heads-up, Faissal! That was a sure eye-opener. It’s really important to really be careful on who to trust with admin privileges like these not just in Facebook, but in other social media sites as well.
Adeline, you are right we have to be careful 🙂
Thanks a lot for the comment!
after i read this blog it made me think i should check some of my domain maybe got some errors…thanks for the post very appreciated…
You are so welcome 🙂 and Please do 😀
Very informative and helpful post. You have good command on the topic and have explained in a very nice way. Thanks for sharing.
Glad you like it, Eva! thanks for the comment!
Thanks for the tips! I suggest that the owner of the page should be the only one with admin privileges. If he decides to assign the admin right to someone else, then it might as well be someone that he really knows and someone that he can entrust his passwords with.
Agree with you, Wesley! we shouldn’t let anyone to be the admin.
Thanks for information. Prevention is better than cure so it is better not to give the admin privileges to anyone else unless otherwise you are dead sure about him/her .
“Prevention is better than cure” loved that!
thanks a lot for the comment, Zeeshan!!
It would be terrible for me with more than 11k fans 🙂
yeah it will be a big lose!! I hope that won’t happen for you!!
Thanks for stopping by 😉
Facebook should implement more user levels when it comes to facebook pages , like user, moderator, administrator and the most important, Owner. Or at least Owner and administrator, making stuff a little be complicated to switch ownership.
yes! you are right! we hope that will happen soon.
Faissal – I never thought of facebook hacking in this way! I guess it goes to show that you just need to be REALLY careful with who you give admin rights to on any page, because they could turn around and use it for something bad!!
Yeah So right!! Thanks laurie for the comment!
I never really thought of this since I am the only administrator of my page, so this very enlightening. Going forward, I will limit the access I give to others on all my social sites and blogs.
Marcie, Great step! Hope everything will go fine with you!
Thanks for the comment!
Very interesting video.Facebook page being particularly used for branding need to be secured enough.After this post ,I don’t think giving admin rights to someone is pretty much good.
Yeah! for me I’ll never give the admin right to someone i don’t know!
Thanks for the comment.
This is very important to know and yes I will never honour any admin rights to any one.Good sharing and thanks for it.I have heard and read a lot about the FB usage.I hope that FB administration will be looking to solve.
We are all looking forward for a big movement from facebook! thanks for the comment!
The best way to secure pages for page creators is to make those people admin who they know personally and who are really trustworthy. Why risk your page by making them admin whom you hardly know?
Great point, Shree!
thanks for stopping and adding this great comment!
I’ve been using Facebook fan page Common Craft videos since their inception to educate our teams about the changing digital world. Everybody loves them and they’re the gold standard as far as we’re concerned.
Thanks for the comment 🙂
Thanks Faissal for sharing. Yea, unfortunately Facebook been struggling with their security since their existence apparently, there are other tricks you can actually do to hijack a page or an account for that matter, unfortunately these tricks are widely popular among black hats and not very hard to implement. A script kiddie would be able to point to an account and get it hacked within a day or two.
I actually wrote a couple of posts on how seriously ill Facebook security is, fortunately, just recently (specifically after the introduction of Google+), Facebook started to take their security more seriously than what they used to, many of those security holes were fixed, they still however have a long way ahead.
wow!!! I thought this is the only security hole that facebook has, it’s unfortunate to see the biggest social networking site straggly to get their security to the next level, we hope they will move forward in term of security.
Thanks Mohamed for the great comment!
If CIA’s site can be hijacked, I surely believe you master.
lol^^ but the way facebook pages get hijacked is really stupid!
thanks binny for the comment!
You have been using the new commentluv premium plugin and it looks awesome. I plan to buy one now from here 🙂
Please consider buy it through Ms.Ilease link:
http://www.commentluv.com/?ref=clp-ileane.b83
So Ms.Ileane can get a good commission! She deserve 🙂
I strongly believe in prevention and I also think that if you want something done, you must do it yourself.
I know about this Facebook setting, so I never give admin to anybody else on my pages. It makes it a bit harder to follow everything that happens there, but at least I don’t worry about it being destroyed.
Great Ana! Thanks for the comment!
You shouldn’t share your login details with anyone, or click on foreign links. Thanks for posting this!
you are right! Thanks a lot for the comment.
Oh that is really a bad news…………… Facebook another problem, please do something to make yourself problem free………….
They’re in changing now! we hope they do something about that.
Thanks for the comment,
Oopsie, another problem!! I need to take some precautions I guess! :/
I would love a feature allowing the creator of the page to give limited power to other people just like in WordPress. I wonder why for all the money they have, FaceBook does not have this feature yet.
we hope that they will soon make some good changes 🙂
thanks for stopping by.
Download VMware Player ,install it
defined a virtual machine using LiveCD with Kiwi Linux( no need knowledge for Linux).
Acces your website or facebook account only from virtual machine.
Because is a live distribution cannot be compromised.
amm this has nothing to do with our subject,
anyway thanks for the comment.
You can avoid this by frequently changing you facebook page password. There is one security in Facebook is you have to give machine name, so that it can be traced via IP address.
Hi, I don’t think changing password can change anything, as pages don’t have password 🙂
I am not sure that’s an issue. Facebook included the opportunity of getting rid of the unique administration since at least 1 season, and offer all staff the same advantage. Consider you are a web agency and you have make the facebook Website of your customer, and your objective is over.
Yes facebook pages are not just fun they became an integral part of our business. Its very bad if our page get hijacked. Thanks for the awareness.
Just in the last 2 weeks my friend’s facebooks have been hacked. This freaks me out because I have so many programs that are linked to my facebook. I log into them through facebook. I need to take precautions not only to protect my facebook but all the apps that are connected to it.
Facebook is more than just fun! And as facebook users, personal and business, we really should watch out for hackers and change pass word every few months.
This is a huge limitation. There are people I trust to add to the page, but the problem is what happens if their facebook account gets hacked? If the are less sophisticated users, then there is the potential for phishing attacks on them that have a higher likelihood of success.
So even if I fully trust another person to be an admin, I still have to worry about their account getting hacked and having the hacker take over my page. There is just too huge of an investment in my business page for me to risk that.
ohh .. i don’t know about this .. thanks for let me know 😉
My facebook page was hacked last week and I still don’t have access to years of family pictures and history. Now, to top it all off, the hacker has contacted me demanding money if I wan’t the account returned. Meanwhile, facebook does nothing! I created a petition on change.org to push facebook into action. The make billions from our personal information and now we demand they help us when it has been compromized while using their product. Please go to change.org and sign my petition so we can send a message! Here is a direct link to the petition:
http://www.change.org/petitions/facebook-make-facebook-do-its-part-to-end-online-identity-theft-now