We’re not even in the second week of 2020 yet and we’re already covering another Facebook scandal.
A Facebook bug temporarily allowed anyone to see who was the admin behind Facebook Pages. The entire purpose of Facebook Pages is often to conceal the identity of the poster(s).
This bug was live and active from Thursday evening until Friday morning. Upon checking the edit history on a page, one was greeted not just with the edits, but also the accounts that made those edits. This behavior is of course not intended as it renders the entire concept of Facebook Pages useless.
Facebook quickly pushed a fix to the bug, but not before message boards like 4Chan got wind of it and posted screenshots exposing accounts behind prominent pages like Banksy, Vladimir Putin, Hillary Clinton, Justin Trudeau, Anonymous, Greta Thunberg, Snoop Dogg, and others.
“We quickly fixed an issue where someone could see who edited or published a post on behalf of a Page when looking at its edit history,” Facebook said in a statement. “We are grateful to the security researcher who alerted us to this issue.” Facebook says the bug was the result of a code update that it pushed Thursday evening.
They tried to downplay the bug by saying it wasn’t something you would stumble upon, as you had to go to the page and intentionally view its edit history. They also said it doesn’t expose any information other than names and profile links.
“For sensitive Pages, I would not rule out that some people may be feeling that they are in danger due to what happened today,” says Lukasz Olejnik, an independent privacy adviser and research associate at Oxford University. “Using fake accounts to run Pages would have been a good idea. People who run sensitive Pages from their own Facebook should now consider that their identity may be known. While mistakes happen, this one is unexpected.”