The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

The heart of tech

This article was published on October 29, 2013

Buffer confirms hackers stole users’ Twitter and Facebook tokens, but billing information unaffected

Buffer confirms hackers stole users’ Twitter and Facebook tokens, but billing information unaffected
Kaylene Hong
Story by

Kaylene Hong

Kaylene Hong was Asia Reporter for The Next Web between 2013 and 2014, based in Singapore. She is bilingual in English and Mandarin. Stay in Kaylene Hong was Asia Reporter for The Next Web between 2013 and 2014, based in Singapore. She is bilingual in English and Mandarin. Stay in touch via Twitter or Google+.

buffer1-520x199Users of Buffer — the tool that allows you to schedule your social media across timezones — faced a nasty surprise when Buffer was hacked over the weekend and the service began spreading scam links. The Buffer team has finally learned how the hackers breached its system and closed the vulnerability, Joel Gascoigne, founder and CEO of the company wrote in an update to a blog post today.

The hackers managed to steal some of Buffer’s Facebook and Twitter access tokens from its users, resulting in the breach. However — more importantly — the hackers did not access any passwords, billing information or any other user information.

Buffer has since invalidated all Twitter access tokens and added encryption for all of them, while it has added an extra security parameter to all its Facebook API keys.

Buffer says: “With these improvements your Twitter and Facebook accounts are not at risk anymore. Attackers will not be able to use this method to send spam anymore.”

Buffer security breach has been resolved – here is what you need to know [Buffer Blog]

Also tagged with