Buffer hacked, customer accounts misused to send out spam
Posted on 28 October 2013.
Buffer, the popular online service for managing one's social media presence by scheduling posts on Twitter, Facebook and LinkedIn, announced on Saturday that they have been hacked, which resulted in a barrage of spam posts being sent out on behalf of some users.


Buffer founder and CEO Joel Gascoigne has not, at this time, shared details about how the breach happened, but has confirmed that spam has been sent out from some 30,000 Facebook accounts that users have connected to their Buffer accounts.

The company disabled all posting as soon as they discovered the problem, to prevent more spam from going out, and according to Gascoigne, they have "greatly increased security" of how they are posting to the two social networks.

They have also added encryption of OAuth access tokens and have changed all API calls to use an added security parameter.

Unfortunately, the posted spam messages cannot be deleted by Buffer, so Gascoigne invited users to check their Facebook and Twitter accounts and to delete them manually if they have been affected. Twitter users will also have to reconnect all their Twitter accounts so that they can continue with their posting.

The good news is that it appears that no Buffer passwords were affected and no billing or payment information was compromised. The company is working with experts to find out just how the spammers managed to get into their systems.

The company is definitely to be complimented on their quick response and on how they are handling this incident and keeping users in the loop.








