Buffer Security Breach Resolved, But All Users Must Reconnect Their Twitter Accounts

You’ve likely heard about Buffer’s hacking incident this past weekend, during which a security breach caused 30,000 Buffer users who had a Facebook page connected (6.3% of Buffer users on Facebook) to have spam posted on their behalf to their followers, and affected a considerable amount of Buffer Twitter users as well.

The Buffer team has now determined the method which left their data vulnerable, and locked and secured it against future hacking. But all Buffers users who have their Twitter account connected to their Buffer profile must take the following step in order to continue using Buffer.

Since the hackers were able to steal some of Buffer’s Facebook and Twitter access tokens from its users (but not passwords, billing information or other user information), Buffer has since invalidated all Twitter access tokens. That means you must reconnect all your Twitter accounts, even if you’ve already done so.

You’ll see this when you next go to buffer.com:

Then you need to do this:

Other important things to know:

– You may need to log into each Twitter account separately in a new tab before reconnecting.

– Reconnecting won’t work in mobile apps; all Twitter accounts have to be reconnected on the Buffer.com web dashboard.

– Facebook posting will have resumed normally, there is nothing you need to do.

– Signing in with or connecting a new Twitter account in the iPhone app won’t work until Buffer’s new update is approved by Apple.

If you have any additional questions or comments, the Buffer team has been communicating clearly and openly with its users and the greater public, and you can leave a comment on their blog post documenting the hack or connect on Buffer’s Twitter page and Facebook page.

(Hacked image via Shutterstock.)