Sign up to our newsletter
The latest security news direct to your inbox
An invasion of fruity posts offering miraculous weight loss flooded Facebook and Twitter accounts linked to the social sharing app Buffer over the weekend – appearing on official accounts for companies such as Brussels Airlines and Startup Genome.
Thirty thousand users had spam posted on their behalf, linking to a weight loss site, according to Mashable.
In response, Buffer, a “social scheduling” app, which offers timed posts for individuals and companies with a global audience, shut down. The service is up and running again now – but the company’s rapid, open response drew admiration from users, according to ZDNet.
The attack offered links to a product containing Garcinia Camboga, a vegetable extract often used in weight loss supplements, according to TechCrunch. The posts appeared on both Facebook and Twitter.
Buffer’s staff responded rapidly, offering apologies via official Twitter accounts and an open company blog – and even offered instructions on how to unlink Facebook from their own app. Service was restored quickly, and the company communicated with users via email, Twitter, Facebook and its blog.
“I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now,” the company said in an email to all users, according to Mashable.
“Proof positive that full transparency and openness is the only way to go when situations like this occur. Kudos to Buffer,” one user commented.
Buffer CEO Joel Gascoigne wrote, “Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
We’re posting continual updates to keep you in the loop on everything.The best steps for you to take right now and important information for you: remove any postings from your Facebook page or Twitter page that look like spam. Your Buffer passwords are not affected/ No billing or payment information was affected or exposed.”
The attack has echoes of a recent attack on social app Hootsuite, where a link – promising a “free Groupon of garcinia cambogia” spread on both Twitter and Facebook, and was spread via celebrity accounts such as Jane Fonda’s.
Author Rob Waugh, We Live Security