On February twenty sixth, our group grew to become conscious that entry was obtained to plenty of Buffer accounts and people accounts have been used to unfold help for Russia’s invasion of Ukraine. The accounts affected didn’t have two issue authentication (2FA) enabled, indicating that this was possible associated to reused passwords as there continues to be no indication of a breach to Buffer.
In complete, 1,552 accounts have been accessed, and of these, 618 accounts posted unauthorized content material for a complete of 766 unauthorized posts despatched. They have been primarily despatched to Twitter (505 posts) and Fb (233 posts), with the ultimate few despatched on LinkedIn (28 posts).
Our group shortly took motion to cease additional unauthorized posts from being despatched and efficiently eliminated 100% of unauthorized posts throughout Twitter, LinkedIn, and Fb . We additionally contacted each impacted Buffer person with advisable steps to take the identical day.
We’re nonetheless investigating the origin of those posts and within the meantime are persevering with to encourage all Buffer customers to activate 2FA to your Buffer account.
Stay updates
Replace 7: March 1st, 2:57 pm EST
Our group was in a position to entry and delete the ultimate 4% of unauthorized posts despatched by way of LinkedIn, which completes the updates for this weblog publish.
Replace 6: February twenty seventh, 9:08 am EST
Since our final replace, our group has efficiently eliminated unauthorized posts on Twitter and Fb (96% of complete posts). We’ve hit a snag with LinkedIn posts and are nonetheless working to take away these remaining 28 posts.
Each impacted Buffer person whose account was affected has been contacted with advisable steps to take. If you happen to have been impacted and want additional help or our group will help with something please get in contact by way of good day@buffer.com.
We’re so grateful to your belief and persistence whereas we obtained to the underside of this. 💙
We’ll maintain this weblog publish up to date as our group continues to analyze the origin of those unauthorized posts.
Replace 5: February twenty sixth, 7:49 pm
Our first precedence has been investigating the unauthorized entry into Buffer accounts whereas stopping future entry and blocking suspicious site visitors. Now, we’re starting the method of eradicating unauthorized posts and are aiming to efficiently take away all unauthorized posts.
Replace 4: February twenty sixth, 6:49pm EST
Not one of the 1,552 affected accounts had two issue authentication (2FA) enabled, additional indicating that this was possible associated to reused passwords. We’re persevering with to analyze. Within the meantime, right here’s methods to activate 2FA to your Buffer account.
Replace 3: February twenty sixth, 6:20 pm EST
Of the 618 Buffer accounts that posted unauthorized content material, 766 posts have been despatched in complete:
- 505 (66%) to Twitter
- 233 (30%) to Fb
- and 28 (4%) to LinkedIn
Our group has taken steps to cease any additional unauthorized posts from being despatched.
Replace 2: February twenty sixth, 5:48 pm EST
This affected 1,552 accounts. Of these, 618 accounts posted unauthorized content material. Our present understanding is that entry was obtained via particular person accounts, not via Buffer, possible via reused passwords, although we aren’t but sure.
Replace 1: February twenty sixth, 5:05 pm EST
We’ve grow to be conscious that entry was obtained to plenty of Buffer accounts which have been used to unfold help for Russia’s invasion of Ukraine. That is very regarding to us. Up to now there isn’t any indication of a breach to Buffer. We are going to replace this thread as we all know extra.