Many Facebook users have been surprised to find that they have been unwittingly resubscribed to Groups that they left years before, potentially allowing them to view sensitive and private information.
Here's how one Facebook user described the rude awakening she had when her mobile phone alerted her to all the new groups she had been subscribed to:
"It's 3 a.m. I was asleep and my phone suddenly tells me I have 50 notifications from groups I somehow joined while I was sleeping. Some of them were groups I used to belong to but left, some aren't. ALL say I joined "24 minutes ago" while I was sleeping. What gives? No notifications saying I was added by anyone, just that I joined."
Another affected user was Bobby Clarke, who described how he had been subscribed to 250 groups without his permission (and presumably without the permission of whoever administers those groups):
Another user (@kulturvulturz) described on Twitter how she was alarmed that highly sensitive information shared in private Facebook groups was now accessible by old members:
Am an admin on several secret/private groups on facebook with highly sensitive info. This morning all old members (from 5 years) were added—
Carrie CutforthYoung (@kulturvulturz) November 28, 2012
And here's @JanetCSIRT, who you would imagine are quite security-conscious:
This is all a far cry from the "private space" that Facebook advertises its Groups feature as being:
Create a private space
Have things you only want to share with a small group of people? Just create a group, add friends, and start sharing. Once you have your group, you can post updates, poll the group, chat with everyone at once, and more.
Would now be a good time to remind everyone of Facebook's internal motto?
My guess is that Facebook *did* "move fast and break things" - and made a change to some of its systems, which caused this unintended privacy controversy.
I'm sure Facebook will try to fix the problem as quickly as possible.
But in the meantime, what should you do?
Well, the first thing is to manually unsubscribe yourself from Groups that you may have been unwittingly added to.
If you run a Facebook Group, it would probably be a good idea to check which users currently have access to your content. And cross your fingers that it doesn't happen again.
Finally, maybe now is also the time to reconsider just what kind of information you want to trust to "private"/"secret" Facebook Groups in future.