ANOTHER DAY, another social media hack, this time at Buffer, the cross-platform social media aggregator that sends out status updates and shares at regular intervals.
On Saturday users started to find that spam was being posted in their Facebook and Twitter timelines. Buffer acted immediately by stopping all posting rights and revoking authorisation tokens for Facebook and Twitter.
Posting on its company blog, Buffer was keen to emphasise that user login data was never affected and that no billing information was stolen. Buffer said it had increased security and advised users that they will need to reconnect their accounts to Facebook and Twitter.
The Buffer blog post said, "We have added encryption of OAuth access tokens and we have changed all API calls to use an added security parameter."
Estimates from Facebook show that 30,000 spam posts were sent on the social network, out of 476,000 Buffer users with connected accounts. Measured against the number of connected users, this amounted to a spam volume of just 6.3 percent, but it is worrying nevertheless.
Buffer has been transparent throughout the incident, and has promised a full public postmortem after working with security experts. Its users have shown their support, with one user writing, "You all are doing a phenomenal job. Being open, transparent and communicating with your users as if they are intelligent people - it wins every time."
The full extent and an analysis of the attack will be announced in due course on Buffer's blog. µ