Buffer (bufferapp.com) is a well-known web and mobile application for scheduling posts on social networks: users set specific times and queue the texts and photos they want to publish on Twitter, Facebook and Google Plus. This tool, used by thousands of people daily, suffered a hacker attack over the weekend, and its users quickly received information about the situation.
Just under an hour after the intrusion, when hackers were already using user accounts to post malicious texts and links on social media, Buffer sent an email to its customers explaining in detail what was happening, describing the actions taken and reassuring those who thought their accounts were in danger.
We contacted Leonhard Widrich, one of the founders of Buffer, to comment personally on the matter:
What exactly happened?
They invaded our systems to access thousands of user accounts on social networks. Although they cannot obtain the passwords of the users, since in Buffer we do not have that information (all the accesses are OAuth), they can publish from the permissions that we have on Facebook, Twitter and other networks. Several users saw links and texts being published on their social media accounts. No data related to customer payments was extracted from our servers.
How many users were affected by the problem?
Only a very small subset of users were affected, far fewer than we originally thought. We do not have the defined number yet, but we will inform you in the coming hours on our blog.
What did you do when you detected the problem?
The first thing we did was disable content publishing, thus preventing the distribution of malicious links in our clients’ accounts. Then we worked hard to restore all services and allow everything to work again. We are now allowing publication again, after adding several severe security measures.
Who was responsible for the attacks?
We do not know yet, but we hope to have information on that subject very soon.
What are you going to do to avoid this problem in the future?
We are now working with top security experts to 100% eliminate the possibility of what has happened here happening again, as well as adding several layers of security to make Buffer posts much more secure. At the moment everything is working properly.