Facebook redesigns admin controls to prevent page hijacking

01 June 2012

Facebook has improved protections for page administrators by letting them assign lower-privileged admin roles, which helps prevent page hijacking.

Under the new system, page “managers” can assign specific admin roles, everything from “content creator” to “insights analyst”, according to Facebook’s Help Center. The manager retains all of the admin authority, while the insights analyst can only view insights.

Last year, Graham Cluley of Sophos identified a vulnerability in Facebook that enabled someone to hijack a page from the page administrator. The changes announced this week by Facebook address this vulnerability, he noted.

“It's great to see Facebook maturing its system in this way. If you're in charge of a Facebook page, and sharing access to the page with other people, you would be wise to check the roles used by your co-admins now – and adjust them as required”, wrote Cluley in a blog post this week.

Cluley noted that Facebook pages are an important part of businesses’ marketing activities. Brands such as Coca-Cola, Victoria's Secret and Starbucks have millions of Facebook fans signed up to their pages.

“In the past, staff who simply wanted to access a Facebook page's admin panel to view statistics on how users were engaging with it, or running advertising campaigns, needed full admin rights – something which could be a disaster waiting to happen”, he wrote.
