Tuesday, October 29, 2013

Buffer App strengthens security becuase of spam.


bufferapp.com, a social sharing website that allows you to schedule posts on Facebook, Twitter and Google+, was attacked with spam on Saturday.  The attack was first noticed when a blast of spammy weight-loss links were added to users Facebook and Twitter pages.

If you opened up the links to the weight-loss sites, it is possible you may have opened your system to a bit a spam yourself.

It looks like Buffer blasted Facebook only with the weight-loss spam and nothing else, but sources are still indefinite.

Buffer has fixed the problem and upgraded their security to prevent the spam from happening again.

“We greatly apologize for this big mess we’ve created. Buffer has been hacked,” co-founder Leo Widrich said in a Facebook post on Saturday morning.

The Buffer App, said on Sunday it is encrypting OAuth access tokens.  This allows users to access other applications and will do so without revealing passwords.  Buffer also created a new security parameter to the API (applications programming interface) calls, making it nearly bullet-proof.

Buffer’s founder Joel Gascoigne wrote, “We have greatly increased security of how we are posting to Twitter and Facebook and have confidence to cover the security holes the hackers have used to break into our system.”

Facebook said 30,000 Buffer users were affected with the spam issues.  This is around 6.3 percent of the 476,343 Facebook accounts connected to Buffer.

When Buffer users go back to their accounts, they will need to reconnect to their Twitter accounts but not their Facebook ones.

The company continues to work on examining exactly what happened, including how the hackers managed to break into Buffer and just what, exactly, are the consequences from the spam.

Have you seen a trend in weight-loss sites in your Facebook?  Let us know your experience below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buffer encrypts access tokens after spammer hack – CSO
October 28, 2013
Schedule-Posting App Buffer Survives Spam Attack, Back Online – PC Magazine
October 27, 2013
Social Sharing App Buffer Hacked, Temporarily Halts Service – All Things D

No comments:

Post a Comment