Facebook Groups privacy glitch - did social network move too fast and break things?

Filed Under: Facebook, Featured, Privacy, Social networks

Facebook GroupsMany Facebook users have been surprised to find that they have been unwittingly resubscribed to Groups that they left years before, potentially allowing them to view sensitive and private information.

Here's how one Facebook user described the rude awakening she had when her mobile phone alerted her to all the new groups she had been subscribed to:

"It's 3 a.m. I was asleep and my phone suddenly tells me I have 50 notifications from groups I somehow joined while I was sleeping. Some of them were groups I used to belong to but left, some aren't. ALL say I joined "24 minutes ago" while I was sleeping. What gives? No notifications saying I was added by anyone, just that I joined."

Complaints on Facebook

Another affected user was Bobby Clarke, who described how he had been subscribed to 250 groups without his permission (or presumably without the permission of whoever administers the groups):

https://twitter.com/Bobby_Clarke/status/273779262841044994

Another user (@kulturvulturz) described on Twitter how she was alarmed that highly sensitive information shared in private Facebook groups was now accessible by old members:

And here's @JanetCSIRT, who you would imagine are quite security-conscious:

This is all a far cry from the "private space" that Facebook advertises its Groups feature as being:

Facebook Groups information

Create a private space
Have things you only want to share with a small group of people? Just create a group, add friends, and start sharing. Once you have your group, you can post updates, poll the group, chat with everyone at once, and more.

Would now be a good time to remind everyone of Facebook's internal motto?

Move Fast and Break Things - poster at Facebook HQ

My guess is that Facebook *did* "move fast and break things" - and made a change to some of its systems, which caused this unintended privacy controversy.

Types of Facebook GroupI'm sure Facebook will try to fix the problem as quickly as possible.

But in the meantime, what should you do?

Well, the first thing is to manually unsubscribe yourself from Groups that you may have been unwittingly added to.

If you run a Facebook Group, it would probably be a good idea to check what users currently have the rights to access your content. And cross your fingers that it doesn't happen again.

Finally, maybe now is also the time to reconsider just what kind of information you want to trust to "private"/"secret" Facebook Groups in future.

If you're on Facebook, consider joining the Sophos Facebook page, where you can keep up-to-date on the latest privacy and security issues, and learn about the rogue applications, scams and malware attacks threatening Facebook users.

, , ,

You might like

22 Responses to Facebook Groups privacy glitch - did social network move too fast and break things?

  1. Freida Gray · 661 days ago

    This may have something to do with the new group feature that lets people in the group see who has "seen" each post in the group.

  2. Karen Mathews · 661 days ago

    I run a group page on FB. How do we check what users have access to our content? Also, how do I make it a closed Group? Thanks!

  3. Goose · 661 days ago

    Totally busted a troll in a group because of this glitch. Thanks facebook!

  4. wah! it's a free product! you get what you pay for. don't like it, don't use it!

    • Richard · 660 days ago

      Here, have this free asbestos-stuffed teddy-bear. It's *totally* safe for your children to play with.

      Oh, you want to complain that your children played with it and got lung cancer? Tough. You get what you pay for.

      Does that sound acceptable to you?

      • Carlos · 660 days ago

        Absolutely. You know Facebook IS an asbestos-stuffed teddy-bear and you know it's not safe to play with.

        If you are surprised when Facebook screws you, you're the one with the problem.

        They live to screw you. It's their business model. They send you updates from time to time letting you know the new ways in which they intend to screw you.

        I have no sympathy for anyone using Facebook of their own free will.

  5. Having woken up to being a member of several groups that I had left months ago, I was really shocked, especially since the rejoining was done at 3AM, while I was asleep. I removed myself from the 2 groups I had been added to again and hopefully things are done now with it.

  6. Same thing happened to me. Supposedly at 3AM, I rejoined groups that I had left months ago. Not a good thing to wake up to since I left those groups for specific reasons.

  7. I have been added to groups but can't leave them because when I try, fb tells me that I am not a member. People have been added to groups I admin but when I try to delete them it tells me they aren't members. Including blocked trolls. Having to delete confidential information from the groups. Thanks a bunch fb!

  8. Nigel · 661 days ago

    "Move fast and break things."

    What a perfect motto for an organization that thrives on chaos and exploitation.

  9. tess · 661 days ago

    I was added to an old group, along with 2 new groups. my teenage daughter was added to 8 new groups. I don't like the fact that you can be added to groups without your consent. We manually left each group, but that doesn't change the fact we shouldn't have been added in the first place.

  10. wally · 661 days ago

    I can't understand why people still trust Facebook with anything they wouldn't put on a billboard.

  11. ...And now facebook has facebook gifts...

  12. alice · 661 days ago

    Checking my facebook group list it appears that I was added to about four groups last night that I didn't even know existed (all technology-related). In fact, one group appears to have been established a year ago, but didn't gain ANY new members until 19 hours ago. Now it has a grand total of eight. I do have a connection to all the organisations in some way, usually from receiving newsletters or attending conferences, so they would have the email address that links to my facebook page. Makes you wonder...

  13. KGriffith · 661 days ago

    We have 33 members who were removed for violations from our secret group who are now IN the group again. Thank you very much. Not.

  14. Evan · 661 days ago

    I had about 30 old members added to a group I administer - and the bloody interface won't let me remove them because it claims they're not group group members.

    Stupid thing.

  15. I was added into over 52 groups. A bunch of them were groups I have never even heard of and some were explicit. The really fun part is when you go to remove yourself from all the groups it gives you an error and won't allow you to leave the group. Very frustrating. Big fail Facebook!

  16. damn.. same thing happened to me!

  17. I can't believe that people would share sensitive information in any group on facebook. With all the privacy concerns that people have it boggles the mind.

  18. Michelle · 659 days ago

    Found this out the hard way yesterday. As webmaster for an organization, I have no choice about using Facebook. I am stuck with it, like it or not.

    It's very annoying to have to leave each group manually one by one. Like some of the others here, I could not remove myself from some of the groups.

  19. Paul · 657 days ago

    if you are stupid join facebook for real, do as I do don't.!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.