If you're a user of social media scheduling app Buffer, there's a good chance that your Saturday morning has been less than relaxing. There have been numerous reports circulating today purporting that the service has been hacked, and just a few moments ago the company officially confirmed those reports in a tweet.
“Hi all. So sorry, it looks like we've been compromised,” the terse statement reads. “Temporarily pausing all posts as we investigate. We'll update ASAP.”
At this point the company has said little else about the cause of the issue, but its effects are clear: users who have linked their social accounts to the service have been posting sketchy weight loss links like the ones seen below. The extent of the hack is also unclear at this point, but Buffer Chief Happiness Officer (yes, really) Carolyn Kopprasch has said that it doesn't seem like every user has been affected by the exploit.
Speaking of affected Buffer users, you're probably in the clear if your Facebook or Twitter accounts haven't already started spewing spam - following a tweet from CEO Joel Gascoigne, all sharing from the service has been temporarily halted as the team tries to figure out what's wrong. A quick attempt to sign in from the Buffer homepage confirms the team's response - it's impossible to sign in using a Twitter account, and the corresponding Facebook app seems to have been pulled into sandbox mode so the Buffer API is inaccessible to outside users.
While the slew of spammy links only seems to have begun within the last hour or so, it appears as though the root cause of problem may have begun a little earlier than that. Judging by the company's timeline of tweets, the issues began late last night when some users reported not being able to access the service, while others claimed that their scheduled social posts had disappeared from the Buffer backend. I've reached out to the company for some additional insight and I'll update this post as I learn more.
