Buffer Hacked, Attackers Send Out Spam via Customer Accounts

30,000 Facebook users and an unknown number of Twitter users are impacted

Buffer, the company that provides users with a way to schedule the posts they share on social media websites such as Facebook and Twitter, was hacked on Saturday. The hackers used the access to push spam messages on the social media accounts of Buffer customers.

As soon as the breach was discovered, the company disabled all postings to prevent more spamming. However, impacted customers have to delete the spam posts from their Facebook and Twitter feeds manually.

The hackers haven’t actually stolen any passwords or payment information, and they also haven’t directly compromised any social media accounts. However, by breaching Buffer’s systems, they’ve been able to send out spam on some Twitter and Facebook pages connected to the social media tool.

Buffer has worked throughout the weekend on addressing the issue. Facebook has informed the company that a total of 30,000 users who have their Facebook account connected to Buffer have been impacted by the spam problem. The number represents 6.3% of Buffer users on Facebook.

“Since then we’ve taken key security measures: we have added encryption of OAuth access tokens and we have changed all API calls to use an added security parameter. Service has resumed with increased security since the incidents,” Buffer CEO Joel Gascoigne noted in a blog post.

Several security experts have been called in to investigate the source of the breach.

The company is providing impacted customers with instructions on what they must do to restore everything to normal. Currently, everything should be working properly.

Recently, cybercriminals have come to realize that they don’t necessarily have to directly compromise online accounts in order to take advantage of them. They simply hijack the systems of a third party connected to those accounts. The Syrian Electronic Army’s attack on Outbrain is a perfect example.
