On February 26th, our team became aware that access was obtained to a number of Buffer accounts and those accounts were used to spread support for Russia’s invasion of Ukraine. The affected accounts didn’t have two-factor authentication (2FA) enabled, indicating that this was likely related to reused passwords, as there continues to be no indication of a breach of Buffer.
In total, 1,552 accounts were accessed, and of those, 618 accounts posted unauthorized content, for a total of 766 unauthorized posts sent. They were primarily sent to Twitter (505 posts) and Facebook (233 posts), with the final few sent on LinkedIn (28 posts).
Our team quickly took action to stop further unauthorized posts from being sent and successfully removed 100% of unauthorized posts across Twitter, LinkedIn, and Facebook. We also contacted every impacted Buffer user with recommended steps to take the same day.
We’re still investigating the origin of these posts and in the meantime are continuing to encourage all Buffer users to turn on 2FA for your Buffer account.
Update 7: March 1st, 2:57 pm EST
Our team was able to access and delete the final 4% of unauthorized posts sent via LinkedIn, which completes the updates for this blog post.
Update 6: February 27th, 9:08 am EST
Since our last update, our team has successfully removed unauthorized posts on Twitter and Facebook (96% of total posts). We’ve hit a snag with LinkedIn posts and are still working to remove those remaining 28 posts.
Every impacted Buffer user whose account was affected has been contacted with recommended steps to take. If you were impacted and need further assistance, or our team can help with anything, please get in touch via firstname.lastname@example.org.
We’re so grateful for your trust and patience while we got to the bottom of this. 💙
We’ll keep this blog post updated as our team continues to investigate the origin of these unauthorized posts.
Update 5: February 26th, 7:49 pm
Our first priority has been investigating the unauthorized access into Buffer accounts while preventing future access and blocking suspicious traffic. Now, we’re beginning the process of removing unauthorized posts and are aiming to successfully remove all unauthorized posts.
Update 4: February 26th, 6:49 pm EST
None of the 1,552 affected accounts had two-factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We’re continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.
Update 3: February 26th, 6:20 pm EST
The 618 Buffer accounts that posted unauthorized content sent 766 posts in total:
- 505 (66%) to Twitter
- 233 (30%) to Facebook
- and 28 (4%) to LinkedIn
Our team has taken steps to stop any further unauthorized posts from being sent.
Update 2: February 26th, 5:48 pm EST
This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we’re not yet certain.
Update 1: February 26th, 5:05 pm EST
We’ve become aware that access was obtained to a number of Buffer accounts which were used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We’ll update this thread as we know more.