Buffer, a cross-network posting service that also does Google+, is hacked
Facebook, Twitter compromised, founder says
If you're a user of the Buffer app for cross-posting to various social networks, be aware that the service got hacked today, with spam messages going out over Facebook. The ability to post has been revoked, and the spam appears to no longer be accessible.
As you can see from the image above, the spam was of the "Lose weight now!" variety. (And do us a favor and don't go venturing to that link in our picture, m'kay?) Buffer bosts some 1.08 million users on its home page, with more than 98 million updates posted.
Buffer founder and CEO Joel Gascoigne — that's his name you see on e-mails from Buffer — confirmed the hack on Twitter and said that Buffer's Twitter authorizations also were compromised.
Looks like @buffer has been hacked and there is a nasty scam being posted. We’re pausing all posting and investigating right now. Sorry!Looks like @buffer has been hacked and there is a nasty scam being posted. We’re pausing all posting and investigating right now. Sorry!— Joel Gascoigne (@joelgascoigne) October 26, 2013October 26, 2013
We've stopped all posting from @buffer until we have got to the bottom of what caused this scam. Sorry once again. We're investigating.We've stopped all posting from @buffer until we have got to the bottom of what caused this scam. Sorry once again. We're investigating.— Joel Gascoigne (@joelgascoigne) October 26, 2013October 26, 2013
Also of importance to us is that Buffer is one of the services that you can use to feed into Google+ pages. While we hate to see anyone get hacked, now's a good time to maybe take a look at which apps have access to your networks, and clear out anything you're not using.
Buffer also is used to update Twitter, LinkedIn, and app.net.
Update (Saturday p.m.): If you haven't seen it by now, be sure to check in on Buffer's blog detailing what's going on.
Update (4:25 p.m. EDT): Buffer just sent the following e-mail:
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
I wanted to get in touch to apologize for the awful experience we've caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We're working hard to fix this problem right now and we're expecting to have everything back to normal shortly.
We're posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.
The best steps for you to take right now and important information for you:
- Remove any postings from your Facebook page or Twitter page that look like spam
- Keep an eye on Buffer's Twitter page and Facebook page
- Your Buffer passwords are not affected
- No billing or payment information was affected or exposed
- All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we've resolved this situation
I am incredibly sorry this has happened and affected you and your company. We're working around the clock right now to get this resolved and we'll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
- Joel and the Buffer team