Buffer Hacked

There, I must admit I had a very hard time trying to restrain myself with headlines and link bait. In the end I relented and went with short and sweet.

Today I received an email that sent me into a fit of apoplexy. It turns out that the social media aggregation site, BufferApp.com, was compromised earlier today. A significant number (actual number unclear as of this writing) of users had their accounts taken over by nefarious types who then took to sending out spam posts via their linked Facebook and Twitter accounts.

The email:

Hi there,

I wanted to get in touch to apologize for the awful experience we've caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.

Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We're working hard to fix this problem right now and we're expecting to have everything back to normal shortly.

We're posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.

The best steps for you to take right now and important information for you:

Remove any postings from your Facebook page or Twitter page that look like spam

Keep an eye on Buffer's Twitter page and Facebook page

Your Buffer passwords are not affected

No billing or payment information was affected or exposed

All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we've resolved this situation

I am incredibly sorry this has happened and affected you and your company. We're working around the clock right now to get this resolved and we'll continue to post updates on Facebook and Twitter.

If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.

- Joel and the Buffer team

First off, I'm very impressed with the speed with which Buffer responded to the breach and the expeditious nature of Buffer's emails to customers. Well done.

This is a textbook worst-case scenario that I was concerned about with using services like Buffer and IFTTT. Not to disparage the services themselves, but it highlights the dangers that can be found in offerings like this that interlink your accounts.

I was fortunate in that I was not affected by this incident, but as a result I've taken the steps to change the passwords on all of the linked accounts. I know this has been said over and over again, but NEVER use the same password over again. If you use the same account on more than one service you are asking for trouble.

Be sure to reset your passwords.

Buffer is a great service that suffered an unfortunate breach. I will continue to use them. I'm looking forward to hearing more about what transpired as they dig through the affected systems.

Copyright © 2013 IDG Communications, Inc.
