Buffer, a popular social networking management system, was reportedly hacked on Saturday. Joel Gascoigne, Founder & Chief Executive Officer of Buffer, revealed the compromise two hours after the incident. Affected users may have experienced spam posts sent from Buffer.
Not every Buffer user was affected by the hack, and no passwords were compromised, nor was any billing/payment information affected or exposed.
We’ve been using Buffer for over half a year, and it’s an excellent tool to manage content and repurpose it across social networks. While we did not encounter any spam posts, we found our posts failed to be delivered to pre-set channels.
Buffer is my go-to tool for social media. The detailed analytics are incredibly insightful and help me and my team see what’s working as well as what’s not. – Guy Kawasaki, former Apple Evangelist
The Buffer team had increased security for how Twitter tokens were stored and deployed a fix. This explained why some posts failed to be delivered. As of 3pm PST, Twitter services were fully operational although users were required to reconnect all Twitter accounts.
Facebook connectivity experienced a further outage until around 8pm PST. Users simply needed to “retry in Buffer” to get posts rescheduled for posting.
Facebook confirmed with Buffer that 30,000 Buffer users, or 6.3% of the 476,343 users who had their Facebook page connected, were affected and had spam posted.
The Buffer team has added encryption of OAuth access tokens and changed all API calls to use an added security parameter.
Kudos to Joel and the Buffer team for their quick action and openness in communicating the compromise to its users.
More updates to follow.
Source: Buffer Openness Blog