How Buffer Has Reacted to the ‘Heartbleed Bug’ to Protect Our Customers
Former Director of People @ Buffer
You may have heard some talk recently about the “Heartbleed bug.” That’s the scary-named vulnerability that was just discovered in the software library that protects many sites on the internet – including Buffer.
We wanted to make sure to tell you exactly what we know and what we’ve done about Heartbleed at Buffer to keep your information as safe as possible.
What is Heartbleed?
The Heartbleed bug was just recently discovered on April 7th in OpenSSL, a kind of cryptography software that protects an estimated 66%+ of the entire web. It can allow anyone on the internet to decrypt protected web traffic and potentially uncover names, passwords, and content you send to secure web sites. Although it was just found, the bug has been around for more than two years, which means a lot of sites that we all use every day may have been affected. That’s the gist, but you can learn a lot more about it at the Heartbleed FAQ.
How Buffer has reacted
To fix the vulnerability in Buffer, we have worked with Amazon Web Services to patch the vulnerability and re-keyed all of our SSL certificates. This closed the vulnerability for all Buffer customers. That means for your security, you’ll be logged out of your Buffer account and will need to sign back in. We know this isn’t ideal, and we’re really sorry to add these additional steps to your day.
What you can do to stay safe
Since we’ve made these updates, your data is now safe in Buffer. We would encourage you to change your password for Buffer and any other site that you log in with. (Check first to make sure they’ve fixed the vulnerability, though – otherwise you might have to change it again later. Services like Lastpass can help you navigate which sites are vulnerable and when you’re clear to change your password.)
And if you haven’t activated Buffer’s optional 2-step login, now would be a great time to do that. It’s the most secure and safest way to handle your social media accounts.
One final note: Although this security breach affects far more than just Buffer, we’re who you trusted with your data and we take that trust and responsibility very seriously. We’re really sorry this happened.
Got questions about Heartbleed, web vulnerabilities and Buffer? We’re here to help.
If you’re interested in more information about what the Heartbleed vulnerability is and things you can do to protect yourself, here are some great links. Some of these links may be a bit technical; if you have any questions at all about this, just tweet us!