At approximately 3pm EST, Buffer’s servers were compromised. Unlike other public hack jobs, this one wasn’t about stealing passwords or payment information. Instead, the breach permitted the attackers access to post to member social profiles. Buffer has publicly acknowledged the attack and is working to resolve any and all security breaches and compromises.
What’s Been Compromised
According to Joel Gascoigne, Founder and CEO of Buffer, “No billing or payment information was affected or exposed” and “Your Buffer passwords are not affected.”
Instead, many Buffer users were unfortunate enough to have spam messages sent to their social media accounts via Buffer.
There is also no indication that individual social media accounts have been compromised – only Buffer specifically.
What is Buffer Doing?
Within minutes, Buffer identified the breach and began working on it. An email message was sent out within the hour to all Buffer users informing them of the facts and current situation, and the same information was posted to Buffer’s social media accounts.
Hi all. So sorry, it looks like we've been compromised. Temporarily pausing all posts as we investigate. We'll update ASAP.
— Buffer (@buffer) October 26, 2013
While working to address the security issue itself, the Buffer team has removed all Facebook posts published during the affected timeframe and paused all buffered posts to ensure that no more spam posts are published. While I had seen one of these messages published to a Facebook Page on my phone earlier this afternoon, I can no longer find any evidence of such spam posts, so this would appear to have worked.
What Should I Do Now?
First, check all of the social networks that you have connected to your Buffer account and verify that no spam posts have been published. Twitter, Facebook, LinkedIn and Google+, if you’ve connected them. If you note any spam messages at all, delete them immediately of course.
Next, even though Buffer has stated that no account information has been compromised, I would strongly recommend:
- Reset your Buffer account password
- Reset your connected social network passwords
- Monitor accounts and banking information, if you’re a paid member
Should you shut down your Buffer account? Definitely not. It’s an unfortunate reality that these kinds of events happen. What’s impressive is how Buffer is handling it. They’ve dealt with the issue quickly and transparently, and have promised to work around the clock until it is resolved. Until I see evidence of neglect or poor management, I am going to keep using Buffer and recommend that you do the same.
If you have further questions or concerns, please feel free to share them here. And please share this post with all of your social networks to help keep everyone properly informed and prepared.
UPDATE: As of Saturday evening, all security issues were resolved. Buffer reported that, “you will have to reconnect all your Twitter accounts, even if you’ve already done so. Go to the Buffer web dashboard to reconnect.”
Buffer also reported that:
- Reconnecting won’t work in mobile apps, all Twitter accounts will have to be reconnected on the web dashboard.
- Your Facebook posting will have resumed normally, there is nothing you need to do.
- Signing in with or connecting a new Twitter account in the iPhone app won’t work until our new update is approved by Apple.
I also want to reiterate how impressed I’ve been with how Buffer responded to this issue. They’ve been transparent about what happened, communicated and worked swiftly to resolve the issue, and tirelessly responded to every email and tweet. They should be commended for their actions, and I, for one, will not only continue to use, but also recommend the service to all of my readers and clients.