All posting activity is halted as the team at Buffer tries to find a fix.
Buffer, the service that lets you schedule posts for various social networks, has been hacked. The issue was first noticed when users began seeing spammy posts that were sent through Buffer. Then the team at Buffer confirmed that its services were hacked, and that all auto posting has been disabled.
Hi all. So sorry, it looks like we’ve been compromised. Temporarily pausing all posts as we investigate. We’ll update ASAP.
— Buffer (@buffer) October 26, 2013
Buffer has over 1 million registered users, and has mentioned in a post on its blog that it is working hard to restore services to users. A majority of users who had auto posting selected on Buffer were found to be sharing messages on how to lose weight.
It is unclear as of yet as to how the service was hacked, but Buffer has revoked its access tokens for all networks, and users have to re-authorize the service to start using it again. Buffer uses oAuth to access users’ social accounts, so users in all likelihood need not worry about changing their passwords on social networks that were granted access to Buffer.
Here is the email Buffer sent out to its users in its entirety:
I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
The best steps for you to take right now and important information for you:
- Remove posts from your Facebook page or Twitter page that look like spam
- Keep an eye on Buffer’s Twitter page and Facebook page
- Your Buffer passwords are not affected
- No billing or payment information was affected or exposed
- All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation
I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
– Joel and the Buffer team