This article was published on October 26, 2013

Social sharing service Buffer has been hacked, pauses all sharing (Update: Now fully restored)


Social sharing service Buffer has been hacked, pauses all sharing (Update: Now fully restored)

Update: Buffer has restored all sharing features as of 8pm PST on Saturday. The company blog has full details of how users can reconnect their social media accounts.

– –

Users of Buffer — the tool that allows you to schedule your social media across timezones — may need to remove the app after Buffer was hacked today and the service began spreading scam links.

Joel Gascoigne, founder and CEO of the company posted the news to his Twitter account on Saturday saying that all automatic posts have been halted:

Buffer has revoked its Facebook API keys so new users are not able to authenticate to add the application at all and they have removed it from all users’ accounts which means all previous posts will also disappear. It’s not clear if they will do the same for Twitter yet.

The service started flooding social networks with links to a scam about weight loss attributed to the “Garcinia” fruit for all authenticated users of the tool, many of which are large companies.

attack

It appears the issue started a few hours ago with users reporting that scheduled tweets were disappearing from their dashboards or being unable to login to the service. In an email to users of the service, Buffer said “not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts” and confirmed that “no billing or payment information was affected or exposed.”

The best thing to do while the company fixes the issue is to remove the application from your social media. It’s not necessary to change your password as Buffer uses a technology called oAuth which means they never actually had it. Here’s how to quickly remove the tool from your social networks:

Facebook:

  1. Visit the applications page
  2. Look for the Buffer application
  3. Click the small ‘x’ on the right of the page
  4. Click ‘remove’ in the dialog that appears and the application will be removed.

Twitter:

  1. Visit the applications page
  2. Find Buffer in the list and click the “Revoke Access” button

Google+:

  1. Visit the applications page
  2. Mouse over the application, then click the pencil that appears and choose “Disconnect app”

LinkedIn:

  1. Visit the applications page
  2. Tick Buffer, then click Remove

Get the TNW newsletter

Get the most important tech news in your inbox each week.