Buffer, the social media scheduling tool, has been hacked. It is a tool used to schedule your posts on Twitter, Facebook, LinkedIn and Google+ so that you don’t have to stay up all night to tweet the followers who are not in your local time zone. Buffer works by connecting to your various social networking accounts, which you have to authorise; once authorisation has been granted, Buffer posts on your behalf at the times you set in your profile.
UPDATE 27 Oct 8:24am: Buffer has fixed the system and all is operational again – more info here
Tonight they have been hacked:
Whilst the details of the hack are not clear, I am concerned that if the hackers are able to access Buffer, then they are able to set the system to post on my behalf on my social networking feeds. Already reports are coming in from the web showing how Buffer has tweeted “Losing weight is easy with this new secret LINK” messages in people’s timelines.
On the plus side (if there is one), Buffer uses OAuth to get access to your accounts, which means that it doesn’t store your passwords on its servers, so your social passwords are safe and probably don’t need changing, but those wishing to be extra safe should go and change them anyway.
To be on the safe side, I am removing Buffer from the authorised application list.
First, disconnect Buffer connections:
Log into Buffer.com and set all your applications to off. This is done by clicking on My Account, Access and Password.
A good idea is to change your Buffer.com password too.
Remove Buffer from Facebook:
Log into Facebook, click on the “gear” icon and select accounts settings. On the left select apps.
This will bring up all the apps you have authorised to use your Facebook. Find the Buffer app and click on the X to remove.
If Buffer is not found, don’t stress; it might have been taken offline already to protect your account.
Remove Buffer from Twitter:
Click on the “gear” icon and select Settings. On the left select apps.
This will bring up all the apps you have authorised to use your Twitter. Find the Buffer app and click on Revoke Access.
Remove Buffer from LinkedIn:
Click on your picture icon and select Privacy & Settings. You will be required to login.
At the bottom, click on Group, Companies & Application, then select View your applications.
This will bring up all the apps you have authorised to use your LinkedIn. Place a tick next to the Buffer app and click on Remove.
Remove Buffer from Google Plus:
Click on the Profile and select Settings. Click on Manage App and Activities.
Click on the “Pencil” next to the Buffer app and select Disconnect.
Good housekeeping tip: Whilst you are removing Buffer from your various social networks, this might be a good time to go through the other apps you have authorised and see if they really still need access. If they don’t, remove them. You can always add them back if you made a mistake.
As a side note: I must say that Buffer has been very good in their communication. Not only did they disable their services immediately to protect their customers, but they have been very good about keeping the customers informed with Tweets and Facebook posts. As I type this, the following email has been received from Buffer:
I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
The best steps for you to take right now and important information for you:
- Remove any postings from your Facebook page or Twitter page that look like spam
- Keep an eye on Buffer’s Twitter page and Facebook page
- Your Buffer passwords are not affected
- No billing or payment information was affected or exposed
- All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation
I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
- Joel and the Buffer team