Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Facebook redesigns admin controls to prevent page hijacking

Facebook has improved the protections for page administrators by enabling them to assign lower admin rights, which helps prevent page hijacking
Facebook has improved the protections for page administrators by enabling them to assign lower admin rights, which helps prevent page hijacking

Under the new system, page “managers” can assign specific admin roles, everything from “content creator” to “insights analyst”, according to Facebook’s Help Center. The manager retains all of the admin authority, while the insights analyst can only view insights.

Last year, Graham Cluley with Sophos identified a vulnerability in Facebook that enabled someone to hijack a page from the page administrator. The changes announced this week by Facebook addressed this vulnerability, he noted.

“It's great to see Facebook maturing its system in this way. If you're in charge of a Facebook page, and sharing access to the page with other people, you would be wise to check the roles used by your co-admins now – and adjust them as required”, wrote Cluley in a blog post this week.

Cluley noted that Facebook pages are an important part of businesses’ marketing activities. Brands such as Coca-Cola, Victoria's Secret and Starbucks have millions of Facebook fans signed up to their pages.

“In the past, staff who simply wanted to access a Facebook page's admin panel to view statistics on how users were engaging with it, or running advertising campaigns, needed full admin rights – something which could be a disaster waiting to happen”, he wrote.