This article was published on August 21, 2013

HootSuite adds extra security measures as spammers increase efforts to gain unauthorized access


Social media management platform HootSuite has taken extra steps to secure customer accounts in response to an increase in brute-force attempts from spammers seeking to gain unauthorized access.

After reports emerged on Twitter that some HootSuite accounts may have been hacked and new security verifications began appearing on the service, we contacted the company to see what was up. HootSuite asserted that it has not been compromised, but it did note that some intruders were successful at logging in to user accounts with passwords that had been “acquired from compromised social networks.”

To protect against the attempted attacks, HootSuite is implementing social verification and IP address logging. With the new measures in place, users will be asked to provide Twitter or Facebook login credentials when logging in, and they will need to resubmit verification when signing on from a new IP address.

Here’s the statement HootSuite provided:

We’re seeing an increase in attempts by spammers to gain unauthorized access to social media accounts by exploiting password weaknesses.  HootSuite itself has not been compromised or hacked.  However, we are seeing attempts (some successful) to login to HootSuite using user IDs and passwords acquired from compromised social networks.

We’re deploying numerous security measures behind the scenes to protect users.

1) Social Verification: We will require you to verify yourself using Twitter or Facebook login credentials associated with your HootSuite account (you’ll need to know the passwords for these networks). If you’re a team member without access to the native social network (bravo! your team is already a little more secure) the email that you use to login to HootSuite will verify you.

2) IP address logging: We’ll record your location. If you login from another location, we’ll want to make sure you’re the authorized user, and not an external threat, and ask you to verify yourself again. This is an extra step to gain access, but a necessary one to protect you and your accounts.
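The new-IP re-verification flow described above, as an added example that is not part of HootSuite's statement and not its implementation. The class, method names, return values and in-memory storage are assumptions, and `verified` stands for the outcome of the Twitter/Facebook or email check.

```python
import ipaddress
from collections import defaultdict

class LoginGate:
    """Require re-verification the first time an account signs in from an IP."""

    def __init__(self):
        self._known = defaultdict(set)  # user -> IPs that passed verification
        self._pending = set()           # (user, ip) waiting on verification

    @staticmethod
    def _norm(ip):
        # Canonicalise so equivalent spellings of one address compare equal,
        # including IPv4-mapped IPv6 ("::ffff:198.51.100.7").
        addr = ipaddress.ip_address(ip)  # raises ValueError on junk input
        return str(getattr(addr, "ipv4_mapped", None) or addr)

    def attempt(self, user, password_ok, ip):
        if not password_ok:
            return "deny"                # never reveal whether the IP is known
        ip = self._norm(ip)
        if ip in self._known[user]:
            return "allow"
        self._pending.add((user, ip))    # a correct password alone is not enough
        return "verify"

    def complete_verification(self, user, ip, verified):
        key = (user, self._norm(ip))
        if key not in self._pending:
            return "deny"                # no challenge was issued for this pair
        self._pending.discard(key)
        if not verified:
            return "deny"
        self._known[user].add(key[1])
        return "allow"

def demo():
    # Constructed scenario; addresses are from the documentation ranges.
    gate = LoginGate()
    return [
        gate.attempt("alice", True, "198.51.100.7"),                 # first sign-in
        gate.complete_verification("alice", "198.51.100.7", True),
        gate.attempt("alice", True, "::ffff:198.51.100.7"),          # same address
        gate.attempt("alice", True, "203.0.113.50"),                 # reused password, new IP
        gate.complete_verification("alice", "203.0.113.50", False),  # check fails
        gate.attempt("alice", True, "203.0.113.50"),                 # still challenged
        gate.attempt("alice", False, "198.51.100.7"),                # wrong password
    ]
```

A password acquired elsewhere gets only as far as `"verify"` from an address the account has not used before, which is the case the statement describes.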


The extra steps will pose a minor inconvenience to users, but security provides the foundation for HootSuite’s platform. Handing a service the keys to an organization’s social media accounts takes a tremendous amount of trust, and platforms like HootSuite can’t afford to have that undermined.

The high degree of trust that brands have placed in HootSuite was likely one of the major factors that investors considered when joining in the $165 million Series B round the company announced earlier this month.

Groups like the Syrian Electronic Army have been active recently, using phishing attempts to gain credentials to social media accounts and other Web services.
