Buffer App Got Hacked! Are You Concerned About Yours?
- October 29, 2013
Buffer is a well-known app in social marketing because of its strong features, such as custom scheduling, standard buffering, detailed social analytics and support for multiple social networks. The app lets you share all media formats and post your content to Facebook, Twitter, LinkedIn and App.net from your computer or mobile phone, and multiple users can share simultaneously.
The Attack: Thirty thousand users from 476,343 Facebook accounts, which is 6.3% of the total who use Buffer to post to their pages, were affected by the spam attack. Social media users started reporting to Facebook and the Buffer team about spam that was generated automatically and published via their accounts. PCMag further reported that the links in those weight-loss-themed posts led to viruses.
Buffer team response
The Buffer team was very active and responded professionally to the matter. After the attack, Buffer CEO Joel Gascoigne apologized to its users:
“I wanted to post a quick update and apologize for the awful experience we have caused many of you on your weekend”
“Buffer was hacked around 2 hours ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.”
“We’re working with several security experts on tracking down exactly how it was possible for the spammers to get into our system,” he wrote. “We’re making good progress on this, this morning.”
Buffer co-founder Leo Widrich gave his statement on Facebook:
“We greatly apologize for this big mess we’ve created. Buffer has been hacked,”
A similar incident was seen recently on Instagram in the form of a viral wave of weight-loss spam, although that one was not the result of a hack.
After being temporarily disabled for Facebook users, the app was brought back up and running. According to the Buffer team, no user accounts or billing information were compromised during the hack.
So what can we all learn from Buffer? Modern applications run on diverse architectures in which integration with other applications is one of the most wanted features. More integration also opens up more security loopholes. We should keep checking the security baseline documents of all the technologies that are integrated into our product. Security testing is a continuous process, because applications demand seamless integration with other applications, and providing an API to third-party applications is one of the most common ways to achieve it. Security assessments should be made part of a scheduled process, and the permissions granted to users through their use of the application should be tested properly. A single loophole can make all other security measures null and void. So don’t forget to run a thorough security test with strict criteria.