Users of Buffer — the tool that allows you to schedule your social media across timezones — faced a nasty surprise when Buffer was hacked over the weekend and the service began spreading scam links. The Buffer team has finally learned how the hackers breached its system and closed the vulnerability, Joel Gascoigne, founder and CEO of the company wrote in an update to a blog post today.
The hackers managed to steal some of Buffer’s Facebook and Twitter access tokens from its users, resulting in the breach. However — more importantly — the hackers did not access any passwords, billing information or any other user information.
Buffer has since invalidated all Twitter access tokens and added encryption for all of them, while it has added an extra security parameter to all its Facebook API keys.
Buffer says: “With these improvements your Twitter and Facebook accounts are not at risk anymore. Attackers will not be able to use this method to send spam anymore.”