Yesterday afternoon, I noticed something odd. I use HootSuite not only for myself, but for many of my social media marketing clients, and am often logged into multiple HootSuite accounts using several different web browsers. When switching back and forth between accounts to post updates and monitor activity, I kept having to log back in. Not only that, I was being asked to complete a CAPTCHA form, and then verify my account using Twitter or a code sent via email. When Twitter authentication continued to fail, I opened Twitter directly in a new tab and headed over to HootSuite’s support account, @HootSuite_Help.
Turns out it wasn’t just me.
Many HootSuite users were reporting issues, and the fine folks at @HootSuite_Help were responding to them all, explaining that the HootSuite team was working on addressing some performance issues, while at the same time, working to implement some security changes. After a short while, performance returned to normal, with a few changes.
According to a blog post by HootSuite, they had begun to see an uptick in the number of unauthorized login attempts. It seems that hackers had obtained username and password combinations from other websites, and were using those to try to log in to HootSuite. In other words, the hackers were hoping that HootSuite users were using the same email and password combination that they’d used on other websites.
Fortunately, the hackers were met with very limited success, but HootSuite obviously determined that additional steps were needed. They began to implement additional security precautions to help protect user accounts. Now, all HootSuite users will need to authenticate their account by confirming via Twitter or Facebook authentication, or providing a code sent via email. What this does is ensure that whoever is logging in must also have access to the user’s email or a social network, therefore reducing the likelihood that a hacker will be able to get in.
HootSuite has also begun tracking your IP address in order to determine the location you’re logging in from. If you log in from a new location, or your IP address changes, you will need to authenticate your account once more. That way, if someone else manages to obtain your username and password, they’ll presumably be at a different location, using a different IP address, and will have to authenticate their access before they will be able to successfully log in.
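To make the flow in the last two paragraphs concrete, here is a small added example, not HootSuite's code and not taken from their blog post, of a login check that accepts a correct password from a known IP address but holds a login from a new one until an emailed code is confirmed. The class, method names, email address and IP addresses are all made up for illustration, and the "email" is just a list standing in for a real mail system.

```python
import hashlib
import hmac
import secrets

class LoginGate:
    """Toy model of password + new-IP verification (all names hypothetical)."""

    def __init__(self):
        self.users = {}      # email -> (salt, password_hash)
        self.known_ips = {}  # email -> IPs that have already passed verification
        self.pending = {}    # (email, ip) -> one-time code awaiting confirmation
        self.outbox = []     # stands in for the email channel: (email, code)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password, ip):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._hash(password, salt))
        self.known_ips[email] = {ip}

    def login(self, email, password, ip):
        record = self.users.get(email)
        if record is None or not hmac.compare_digest(record[1], self._hash(password, record[0])):
            return "denied"
        if ip in self.known_ips[email]:
            return "ok"
        # Correct password from an unseen IP: email a code and hold the login.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(email, ip)] = code
        self.outbox.append((email, code))
        return "verify"

    def verify(self, email, ip, code):
        expected = self.pending.pop((email, ip), None)  # single use, even on failure
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return "denied"
        self.known_ips[email].add(ip)  # this location is now trusted
        return "ok"

if __name__ == "__main__":
    # Constructed sample data: documentation-range IPs and a made-up account.
    gate = LoginGate()
    gate.register("owner@example.com", "reused-password", "203.0.113.10")
    print(gate.login("owner@example.com", "reused-password", "198.51.100.7"))  # new IP
    print(gate.verify("owner@example.com", "198.51.100.7", gate.outbox[-1][1]))
```

A password copied from another website gets a stranger only as far as the "verify" step, because the code goes to the account owner's inbox and not to the person typing the password.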
Why all the fuss? Because most of us have 4 or more social networks connected to our HootSuite account. If that account is compromised, the villain will be able to monitor our social media activity and post on our behalf. The damage starts at potentially embarrassing and gets worse from there.
Account Precautions
HootSuite seems to be doing a great job of taking steps to protect our accounts from malicious hackers, but it’s not all on them. Each of us needs to take some basic precautions to protect ourselves.
- Do not use the same password for multiple accounts.
- Use strong passwords that include mixed case, numbers and special characters.
- Do not share your passwords with other people.
Also, make sure that you’re regularly monitoring your outgoing messages and posts so that if one of your accounts were to be compromised, you’ll notice it right away.
If you are having issues receiving the email verification code, here are some suggestions from HootSuite to make sure you get it.
If you have any questions or concerns about HootSuite, or would like help getting set up to manage your social media activity, please feel free to contact me. Larger corporations should strongly consider commissioning a Social Media Audit where we can review not only social media strategy, but also the security of your accounts and internal social media policy.