OK, there are 2 groups here: Group A, which you're using as a list of users that are interested in a subject. Group B is used to perform the bug, and doesn't have to be an active group at all---You could have just created it for the purpose of performing the exploit.
Ahh my mistake. I didn't realise that you could just retrieve a full list of users for a group (I just tried it and you can) I suspect this API may be fairly closely watched however.
