If you've been reading tech blogs lately, you may have heard about the latest security scare to hit Facebook, the world's most popular social network - the "hijacking" of nearly 300 Facebook Groups by a privacy advocacy group called control your info. The group, which (according to its website) seeks to raise awareness of what it considers to be a security flaw in Facebook's Group architecture, took control of the social groups earlier this week, changing their name and description to indicate that they had been hijacked.
A bit of explanation: Facebook Groups are sort of like fan clubs, or any other kind of interest-based organization. Groups show up on the member users' Facebook profile pages, as well as in the News Feeds of their friends. Anyone on Facebook can start a Facebook group, and the administrator can choose other users to help administrate the Group. However, as control your info discovered, when the administrator of a group steps down and does not appoint a replacement, the group becomes "orphaned" and any group member can step up, without permission, and take on the role of the group's administrator. Facebook says this is intentional, to make sure that Groups survive if their administrators quit administrating.
The problem, of course, is that once a user has appointed him or herself the Group's administrator, they can change anything they want to about the group - the description, name, image - basically they have full control over the Group. While this may at first seem harmless, imagine this possible scenario: a Facebook user who's currently applying for a job has joined a Facebook group whose administrator has stepped down and in which a power vacuum exists. Unbeknown to the user, another Facebook user joins the group and appoints himself administrator, then changes the name, description and image of the group to something negative, embarrassing or otherwise compromising. Then, during the course of that job candidate's vetting procedures, his Facebook profile is checked and he's noted to be a member of a negative group.
It's quite easy to imagine, and according to Facebook, they don't intend to fix it, because they don't think there's a problem.
In a press release about the Group hijackings, Facebook said:
So, to sum it up: "What happened (the Group hijacking) didn't happen. There was no hijacking. Basically, we're going to cover up the incident and pretend that it won't happen in the future - even though millions of potential pranksters have now been made aware of how easy it is to take advantage of."
The potential for malicious behavior enabled by this exploit is large - but according to Facebook, they're not going to take any pro-active steps to change it - they're going to wait until it becomes a problem again, and wait until they actually notice the problem, and then they're going to keep applying band-aid solutions to it.
The group responsible for the hijackings, control your info, has been banned on Facebook, and the social network has begun the process of eradicating the hijacked Groups (despite the fact, of course, that there was no hijacking, says Facebook). According to the privacy group, they only intended to draw attention to the problem in a way that would cause people to notice and remember it - and that's definitely the effect that they've had.
From their website:
Our method of choice only serves the purpose to prove our point and put emphasis on how easy it is to lose track of a part of your online presence. If we wouldn’t have communicated this way, our message would probably have fallen into oblivion the moment it got out.
Message received - I'll be making sure all of my Facebook Groups have an owner, and I'll be letting Facebook know what I think about their head-in-the-sand response to the widely-reported incident.
