29 Oct 2013
Tens of thousands of users worldwide were exposed to spam on their social media profiles after Buffer was hacked on Saturday. Attackers breached the application, which helps users share posts on social media, and abused users’ accounts by pushing spam messages to connected Facebook and Twitter profiles.
As soon as the attack was discovered, the company disabled all posting to prevent more spam. Users already affected by the breach have to delete the spam messages from their social network feeds manually.
Facebook has informed the company that 30,000 users whose accounts are connected to Buffer were targeted in the spam campaign. The number represents 6.3 percent of Buffer users on Facebook.
“We’ve discovered the source of the breach and closed the vulnerability,” Buffer CEO Joel Gascoigne said. “Since then we’ve taken key security measures: we have added encryption of OAuth access tokens and we have changed all API calls to use an added security parameter. Service has resumed with increased security since the incidents.”
The hackers haven’t actually stolen any passwords or payment information, nor have they directly compromised any social media accounts, Softpedia notes. Buffer is now recovering from the attack on its systems and is continuing its investigation.