This afternoon Tom Krieglstein sent me a video of an interesting glitch that took place to him which gave him administrative access to a number of large brand pages including Star Wars, American Airlines, Delta Airlines, and a number of others. He also was able to send out updates to the Stars Wars page (aka “public profile”) which has over 800,000 fans currently.
Thankfully updates aren’t read by users anymore so it probably wouldn’t make a big difference to send an update out even it was to millions of users. Regardless, it seems like a relatively large bug in the Pages product. Facebook has been having some buggy functionality since their update was released yesterday but this is more of a security issue than anything else.
Thankfully other users are not reporting similar errors so the odds are good that your public profiles are still secure. Also good was that Tom didn’t decide to abuse his power and modify the large branded public profiles that he was temporarily granted access to. If you are confused about what I’m describing, you can check out a screencast that Tom created quickly below.
While Facebook upgraded the new site design and the way that branded public profiles interact with users, there are still many more changes in the pipeline. Most important is that Facebook should be expanding their API for public profiles in the coming months. My guess is we’ll see a large release of new API functionality during this year’s f8 conference, Facebook’s annual conference for developers.
Have you been satisfied with the upgrades to the public profiles product? Have you seen any security glitches like the one illustrated in the video below?
Update
Facebook sent us the following response: “We investigated this report and found it to be an isolated incident. Administrator rights were erroneously restored in this case because the user was the original creator of the Pages referenced. The error has been fixed, and we have received no other reports about this issue.”
![[Inside Social Apps 2012]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/ISA2012_336x100_F_RegisterNow.gif)
![[AllFacebook Stats: Facebook Analytics for Your Business]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/stpro_allfacebookstats.gif)
![[How can Facebook change your business?]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/FMB_A_MAY2011_336x100_F.gif)
If he had access to those pages… then probably also to the credit info that might be linked to advertising. Scary!
Comment by Dana King — March 26, 2009 @ 12:04 pm
"Thankfully updates aren’t read by users anymore so it probably wouldn’t make a big difference to send an update out even it was to millions of users."
Facebook just turned updates back on. it's now under the "requests" section
Comment by James Clark Embree — March 27, 2009 @ 3:17 pm
Well, it's not just brand pages, it's any individual public profile. FB is so buggy that I see a friend of mine's profile being hacked all the time. For some reasons, my friend doesn't want to lodge a complaint against that hacker but the hacker is abusing his admin power and threatening my friend. Contacting FB is useless too as it is all about coverup, policits, blaming someone else, and non-sense. I'm so frustrated with FB. It's not a strong site in terms of profile's security and privacy.
Comment by Mahdad Zarafshan — April 4, 2009 @ 11:39 pm
It looks like my security has been hijacked on Facebook. I received a link to a video that said it was sent by a friend. When I attempted to open it, I immediately received notification that my computer was infected. My friends have received links, supposedly from me, that I have not sent. When I attempted to change my password into my account, it doesn’t recognize my password. I need assistance in fixing this. I have managed to remove the viruses, but now am afraid to trust FB!
Comment by Charlee Gowin — June 9, 2009 @ 9:57 am