Facebook Groups privacy glitch – did social network move too fast and break things?

Graham Cluley

Many Facebook users have been surprised to find that they have been unwittingly resubscribed to Groups that they left years before, potentially allowing them to view sensitive and private information.

Here’s how one Facebook user described the rude awakening she had when her mobile phone alerted her to all the new groups she had been subscribed to:

"It's 3 a.m. I was asleep and my phone suddenly tells me I have 50 notifications from groups I somehow joined while I was sleeping. Some of them were groups I used to belong to but left, some aren't. ALL say I joined "24 minutes ago" while I was sleeping. What gives? No notifications saying I was added by anyone, just that I joined."

Complaints on Facebook


Another affected user was Bobby Clarke, who described how he had been subscribed to 250 groups without his permission (or presumably without the permission of whoever administers the groups):

https://twitter.com/Bobby_Clarke/status/273779262841044994

Another user (@kulturvulturz) described on Twitter how she was alarmed that highly sensitive information shared in private Facebook groups was now accessible by old members:

https://twitter.com/kulturvulturz/status/273780978344939521

And here’s @JanetCSIRT, who you would imagine are quite security-conscious:

This is all a far cry from the “private space” that Facebook advertises its Groups feature as being:

Facebook Groups information

Create a private space
Have things you only want to share with a small group of people? Just create a group, add friends, and start sharing. Once you have your group, you can post updates, poll the group, chat with everyone at once, and more.

Would now be a good time to remind everyone of Facebook’s internal motto?

Move Fast and Break Things - poster at Facebook HQ

My guess is that Facebook *did* “move fast and break things” – and made a change to some of its systems, which caused this unintended privacy controversy.

I’m sure Facebook will try to fix the problem as quickly as possible.

But in the meantime, what should you do?

Well, the first thing is to manually unsubscribe yourself from Groups that you may have been unwittingly added to.

If you run a Facebook Group, it would probably be a good idea to check which users currently have the rights to access your content. And cross your fingers that it doesn’t happen again.

Finally, maybe now is also the time to reconsider just what kind of information you want to trust to “private”/“secret” Facebook Groups in future.

If you’re on Facebook, consider joining the Sophos Facebook page, where you can keep up-to-date on the latest privacy and security issues, and learn about the rogue applications, scams and malware attacks threatening Facebook users.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
