Be careful while buying FB Groups!


#41

I’ve another suggestion. Go buy a live chat account and directly chat with facebook live support. Tell them the whole story may be they can help you out but don’t tell them you bought a group because selling/buying groups and pages isn’t allowed on Facebook. If you want a Facebook live chat account I can ask from some of my friends. Thanks


#42

Here’s Facebook’s response to my reporting of this vulnerability:

This is intentional behavior in our product. The new group admins are able to review the actions taken by the previous admin by navigating to their group and going to “Moderate Group” > “Admin Activity” (https://www.facebook.com/groups/[GROUP_ID]/admin_activities/). Then (if they choose to do so), they can cancel the invitation by removing the user from the group.

As such, we do not consider it a security vulnerability, but we do have controls in place to monitor and mitigate abuse.

Thanks,

Logan
Security

Can’t believe he said it’s “intentional” when it’s so damn bad and easy to exploit


#43

Wow, ok.

But what if the previous owner invite his other profile to become an admin and then approves like 2k posts/people to join the group?

will we need to search for the invitation?


#44

Thanks @jon1 for reporting this. It seems you were unlucky enough to encounter the Michael Scott of Facebook who couldn’t see how this thing can get abused. FB had the very same exploit for Fanpages and that was patched, yet this isn’t a problem for groups somehow?

Just like @Yair1238 said, searching through admin actions will be impossible if the scammer is crafty. Unless you can somehow filter out invites?


#45

Yea and that is pretty much what I replied to FB with.


#46

I tried to filter and there is no option like that