Buffer upbeat despite suffering breach

Summary: A small percentage of Buffer customers have been sending spam to Twitter and Facebook, but many have instead been impressed by the company's response and its positivity following the attack.

Buffer is recovering from an attack on its systems that saw many of its customers send spam to their social networks.

The attack took place on Saturday, with the company continually documenting its response on its Open blog.

Buffer is used by individuals, but also businesses, to prepare and schedule social media posts on networks like Twitter and Facebook. With an investigation still ongoing, not all the details of the attack are available, but the company has changed its processes to encrypt OAuth access tokens and made further security changes to its API.

Although the spam posts appeared on Facebook and Twitter, these services have not been directly compromised. Instead, users provide access to their accounts by linking Buffer to these social networks and giving it permission to post on their behalf.

After working with Facebook, Buffer CEO Joel Gascoigne said that 30,000 Buffer users that had a Facebook page connected had spam posted on their behalf.

"This means that 6.3 percent of Buffer users on Facebook were impacted by this," he wrote.

Buffer has since revoked the permissions that it was given to post to Twitter, in effect expiring the OAuth access tokens that are believed to be compromised. Users are now required to reconnect their accounts in order for new tokens to be generated.

Customer billing data is handled by Stripe, a company that helps businesses accept web and mobile payments, and as such was not affected by the attack. Additionally, customer passwords are hashed and salted.

Despite the attack, the company has been upbeat about the issue. The company's number one value is to always choose positivity and happiness, and number two on the list is to default to transparency.

Gascoigne has even been wishing those cancelling their Buffer accounts well, and complimenting them on their choice of competing product.


About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
