Update 6: February 27th, 9:08 am
Since our last update, our team has successfully removed unauthorized posts on Twitter and Facebook (96% of total posts). We’ve hit a snag with LinkedIn posts and are still working to remove those remaining 28 posts.
Every impacted Buffer user whose account was affected has been contacted with recommended steps to take. If you were impacted and need further assistance or our team can help with anything please get in touch via firstname.lastname@example.org.
We are so grateful for your trust and patience while we got to the bottom of this. 💙
We’ll keep this blog post updated as our team continues to investigate the origin of these unauthorized posts.
Update 5: February 26th, 7:49 pm
Our first priority has been investigating the unauthorized access into Buffer accounts while preventing future access and blocking suspicious traffic. Now, we are beginning the process of removing unauthorized posts and are aiming to successfully remove all unauthorized posts.
Update 4: February 26th, 6:49pm EST
None of the 1,552 affected accounts had two factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We are continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.
Update 3: February 26th, 6:20 pm EST
Of the 618 Buffer accounts that posted unauthorized content, 766 posts were sent in total:
- 505 (66%) to Twitter
- 233 (30%) to Facebook
- and 28 (4%) to LinkedIn
Our team has taken steps to stop any further unauthorized posts from being sent.
Update 2: February 26th, 5:48 pm EST
This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we are not yet certain.
Update 1: February 26th, 5:05 pm EST
We’ve become aware that access was obtained to a number of Buffer accounts which have been used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We will update this thread as we know more.