[Update -- fixed!] Social sharing service Buffer is hacked -- temporarily takes itself offline
The latest web service to fall victim to a hack attack is Buffer, the social sharing tool that can be used to schedule posts to multiple social networks. Although it looks as though customers' passwords and billing details are safe, the problem was noticed late Saturday morning when spam type posts started to appear on users' Facebook and Twitter accounts. The Buffer team has been quick to take action and notified users via Facebook.
Buffer co-founder Leo Widrich posted saying "hey everyone! We greatly apologize for this big mess we've created. Buffer has been hacked." Shortly after this Facebook postings were disabled in a bid to stop the spread of spam and Buffer assured users that "We're continuing to work on this and trying to investigate and fix".
Buffer's Twitter feed is also being used to keep users up to date with what's happening, although at the moment it appears there is no word on the source of the problem or how many users have been affected. An email update was sent out to everyone who is signed up with Buffer and in it, "Joel and the Buffer team" explained a little about the situation:
"I wanted to get in touch to apologize for the awful experience we've caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We're working hard to fix this problem right now and we're expecting to have everything back to normal shortly."
A Twitter update from Joel soon after this revealed that Facebook and Twitter access tokens had been compromised and an investigation is underway to determine how it happened. When things are back up and running, users will need to connect their Facebook and Twitter accounts to Buffer.
Buffer is now reporting that the problem has been fixed and that security has been bolstered. The service is now operating as normal, but users will need to reconnect their Facebook and Twitter accounts.
Were you affected by this? Did you notice spam posts being sent out on your behalf?