Facebook Security Glitch Gives User Administrative Access to Large Brand Pages


By Nick O'Neill Comment

-Facebook Pages Icon-This afternoon Tom Krieglstein sent me a video of an interesting glitch that took place to him which gave him administrative access to a number of large brand pages including Star Wars, American Airlines, Delta Airlines, and a number of others. He also was able to send out updates to the Stars Wars page (aka “public profile”) which has over 800,000 fans currently.

Thankfully updates aren’t read by users anymore so it probably wouldn’t make a big difference to send an update out even it was to millions of users. Regardless, it seems like a relatively large bug in the Pages product. Facebook has been having some buggy functionality since their update was released yesterday but this is more of a security issue than anything else.

Thankfully other users are not reporting similar errors so the odds are good that your public profiles are still secure. Also good was that Tom didn’t decide to abuse his power and modify the large branded public profiles that he was temporarily granted access to. If you are confused about what I’m describing, you can check out a screencast that Tom created quickly below.

While Facebook upgraded the new site design and the way that branded public profiles interact with users, there are still many more changes in the pipeline. Most important is that Facebook should be expanding their API for public profiles in the coming months. My guess is we’ll see a large release of new API functionality during this year’s f8 conference, Facebook’s annual conference for developers.

Have you been satisfied with the upgrades to the public profiles product? Have you seen any security glitches like the one illustrated in the video below?

Facebook sent us the following response: “We investigated this report and found it to be an isolated incident. Administrator rights were erroneously restored in this case because the user was the original creator of the Pages referenced. The error has been fixed, and we have received no other reports about this issue.”