Facebook Page Admin Issue Raises Questions Over Security
When you create a Facebook page, the social network allows you to add other admins to help you manage it. However, there is an issue with this in that Facebook allows those other admins to remove your administrative privileges so that they can hijack the page and take control of it.
This issue has been highlighted by Naked Security, which claims that this is a security flaw. Facebook says in its Help Center that, if you are added as a page admin, you cannot revoke the administrative privileges of the person who created that page — however, this does not appear to be the case. It should be noted that Facebook has allowed page admins to remove a page creator’s admin privileges since June 2010.
I don’t think this is necessarily an issue with Facebook itself (other than the fact that the information provided in the Help Center is incorrect), but rather one of trust. If you cannot be 100 percent sure that someone you add as a page admin will not abuse that power, don’t give it to them.
This issue raises questions over what might happen when, for instance, a social media intern is made an administrator of a big brand’s Facebook page and then decides to delete all of the other admins on a whim. It is not clear if Facebook would restore the brand’s access to the page and allow the page’s creator to take control of it again.
It would make sense for Facebook to allow page creators to determine what level of control various admins have over the page. For instance, you might want someone to be able to post content on your page without worrying that they will remove you as an administrator. Rolling out additional page admin controls would cut down the likelihood of abuse or page hijacking.
Additionally, perhaps Facebook could protect the status of page creators so that other admins cannot remove them while allowing them to pass ownership of the page on to someone else if they choose. This would make particular sense if a page is created by a third-party company on the behalf of a brand.
This surely a huge flaw in facebook’s security. I was removed ad admin of a page I created too: http://www.facebook.com/hudsonvalleygarlic