I have long maintained that Facebook’s databases are dying (hence their need to force people to download malware) and tonight’s discovery is a case of ‘What more proof do you need?’
Tonight, I can edit a verified (blue-ticked) Facebook page with a fan base in the high five figures that is not mine. I can view all the messages, remove admins, receive notifications, and comment and like as that page. The one thing I cannot do is notify the real owner of that page via Facebook messaging.
This is not unlike in 2013, when someone found themselves a fan of my public page—but they never liked it. Fortunately for me, they believed us when we said we knew nothing of it.
And fortunately for this person, I am (a) not dodgy and (b) I know her in real life, though I have not spoken to her in over three years. She hasn’t made me an admin. I’ve looked on the list of pages I really administer and hers isn’t there. I’ve gone into her page’s settings and the page roles, and I’m not listed as an admin. Yet I can do everything an admin can. There’s a box right there for me to add other people as admins to her page. I could kick her off.
I tried contacting this person’s private profile via Facebook messaging as myself. Impossible. I can’t attach screen shots to show her what I discovered, and clicking ‘Send’ does nothing. I will, of course, email her.
How did I find out? Someone shared an article from the Lucire Facebook page. I clicked through to see if the sharer had written anything. I wanted to ‘like’ the share as Lucire rather than myself, and discovered that I could only be me and this other person. In fact, I could do nothing in the name of the pages I actually run. The sharer does not have either me or this person as Facebook friends.
This blog post is a warning to anyone with a Facebook page. Just know that at any time, access to your page can be granted to someone else.
If pages are no longer secure, then I have to ask: what is the point of Facebook?
This isn’t good news for us at all because one of the businesses I am involved in relies on Facebook.
But it’s certainly a risky platform to be on, and I am willing to bet this bug will become more widespread.