Many Facebook users have been surprised to find that they have been unwittingly resubscribed to Groups that they left years before, potentially allowing them to view sensitive and private information.
Here’s how one Facebook user described the rude awakening she had when her mobile phone alerted her to all the new groups she had been subscribed to:
"It's 3 a.m. I was asleep and my phone suddenly tells me I have 50 notifications from groups I somehow joined while I was sleeping. Some of them were groups I used to belong to but left, some aren't. ALL say I joined "24 minutes ago" while I was sleeping. What gives? No notifications saying I was added by anyone, just that I joined."
Another affected user was Bobby Clarke, who described how he had been subscribed to 250 groups without his permission (and presumably without the permission of whoever administers the groups):
https://twitter.com/Bobby_Clarke/status/273779262841044994
Another user (@kulturvulturz) described on Twitter how she was alarmed that highly sensitive information shared in private Facebook groups was now accessible by old members:
https://twitter.com/kulturvulturz/status/273780978344939521
And here’s @JanetCSIRT, who, you would imagine, are quite security-conscious:
@gcluley A facebook group I administer magically gained 400 new members overnight
— Janet CSIRT (@JanetCSIRT) November 28, 2012
This is all a far cry from the “private space” that Facebook advertises its Groups feature as being:
Create a private space
Have things you only want to share with a small group of people? Just create a group, add friends, and start sharing. Once you have your group, you can post updates, poll the group, chat with everyone at once, and more.
Would now be a good time to remind everyone of Facebook’s internal motto?
My guess is that Facebook *did* “move fast and break things” – and made a change to some of its systems, which caused this unintended privacy controversy.
I’m sure Facebook will try to fix the problem as quickly as possible.
But in the meantime, what should you do?
Well, the first thing is to manually unsubscribe yourself from Groups that you may have been unwittingly added to.
If you run a Facebook Group, it would probably be a good idea to check which users currently have the rights to access your content. And cross your fingers that it doesn’t happen again.
Finally, maybe now is also the time to reconsider just what kind of information you want to trust to “private”/“secret” Facebook Groups in future.