Social Sharing App Buffer Hacked, Resulting In Scam Messages Being Posted


Uh oh! Social sharing app Buffer has been hacked according to a tweet on the company’s Twitter account.  So far it seems that the hacker(s) have gained unauthorized access to Buffer in a way that allows them to post on behalf of users who have installed the Buffer app and given it permission to post on their behalf on sites like Facebook and Twitter.

If you’re not familiar with Buffer it’s a service that lets you schedule content you find or want to share and have it posted at certain times throughout the day or week. It works with various different social networks, including as we mentioned Twitter and Facebook.

An example of the messages being posted by Buffer.

The first reports I saw of Buffer being compromised were around 2:30PM ET, shortly thereafter the official tweet from Buffer (seen above) was sent out confirming the service had been hacked. Buffer says they are currently investigating the issue and have also started to do some damage control by replying to hundreds of users on Twitter informing them of what is going on.

If you use Buffer your best bet right now is to revoke the access of the Buffer app from any services you use it on until this is resolved. This can typically be done from a social networks settings page. Here are some quick instructions for the most common/popular social networks used with Buffer:

Facebook:

  1. Visit the applications page
  2. Look for the Buffer application
  3. Click the small ‘x’ on the right of the page
  4. Click ‘remove’ in the dialog that appears and the application will be removed.

Twitter:

  1. Visit the applications page
  2. Find Buffer in the list and click the “Revoke Access” button

Google+:

  1. Visit the applications page
  2. Mouse over the application, then click the pencil that appears and choose “Disconnect app”

LinkedIn:

  1. Visit the applications page
  2. Tick Buffer, then click Remove

In an email that was just sent out by Buffer co-founder Joel Gascoigne he states that not all Buffer accounts appear to be compromised and that the company will be working around the clock to have everything back to normal. If you have a question, you can shoot Buffer an email at hello@buffer.com — Joel says they plan to reply to each and every one.

Additionally, I have been informed by a Buffer rep that no passwords have been affected and no credit card information was compromised. That’s certainly some good news.

We’ll keep you posted with any updates as they occur.