Buffer recovers after attack leaves users spamming Facebook and Twitter

If you've been using the Buffer app to schedule-post your witticisms to Facebook, Google+, or Twitter, we have a bit of good news and bad news for you.

It's possible that you might have blasted your Facebook friends with spam as a result of a bit of hacking surrounding the Buffer app recently. And, assuming that your friends were foolish enough to click on the link within your Facebook post, it's possible that they opened up their systems to a spot of spam themselves.

As of right now, though, it only appears that some of those using Buffer blasted Facebook with weight-loss-themed spam – nothing worse.

The good news? Buffer has since fixed the problem and, ideally, is now in a much better place to prevent spam postings from taking over your Facebook ever again. Buffer CEO Joel Gascoigne took to the company blog yesterday to detail what was happening:

"I wanted to post a quick update and apologize for the awful experience we've caused many of you on your weekend. Buffer was hacked around 2 hours ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now," Gascoigne wrote.

"Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We're working hard to fix this problem right now and we're expecting to have everything back to normal shortly."

To combat the problem, Buffer briefly took its entire app offline on Facebook – which meant that all posts made via the app were temporarily hidden. The company re-enabled its app soon after though, restoring all previously hidden messages, but kept the app's actual posting capabilities offline for a bit longer. Twitter connections were restored later, allowing users to post to their Twitter feeds using Buffer once again.

Finally, Buffer managed to fully secure its app and restore it to standard working conditions.

"We've greatly increased the security of how we handle all social messages being posted and everything is back to normal," read Buffer's evening announcement. Additionally, commented Gascoigne, Buffer plans to "publish an in-depth post about what the spammers got access to and what we did to fix it."

"In short, we encrypted all access tokens for Twitter and Facebook and also added other security measurements to make everything much more bullet proof," he added.

In an update, Gascoigne notes that Buffer successfully survived the night without any service issues (or other hacks) to report. The company continues to work on its post-mortem analysis of what exactly happened, including how hackers managed to break into Buffer and just what, exactly, is the fallout from all that spam.

Gascoigne has also invited those who have any questions about the hack to email the Buffer team directly.

"Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email," wrote Gascoigne in an email to all Buffer users.