New!Check out Board viewCheck out the new Board viewOrganize and track your social content ideas with the new Board view.Learn more

How Buffer Has Reacted to the ‘Heartbleed Bug’ to Protect Our Customers

Apr 10, 2014 2 min readOpen
Photo of Courtney Seiter
Courtney Seiter

Former Director of People @ Buffer


You may have heard some talk recently about the “Heartbleed bug.” That’s the scary-named vulnerability that was just discovered in the software library that protects many sites on the internet – including Buffer.

We wanted to make sure to tell you exactly what we know and what we’ve done about Heartbleed at Buffer to keep your information as safe as possible.

What is Heartbleed?

The Heartbleed bug was just recently discovered on April 7th in OpenSSL, a kind of cryptography software that protects an estimated 66%+ of the entire web. It can allow anyone on the internet to decrypt protected web traffic and potentially uncover names, passwords, and content you send to secure web sites. Although it was just found, the bug has been around for more than two years, which means a lot of sites that we all use every day may have been affected. That’s the gist, but you can learn a lot more about it at the Heartbleed FAQ.

How Buffer has reacted

To fix the vulnerability in Buffer, we have worked with Amazon Web Services to patch the vulnerability and re-keyed all of our SSL certificates. This closed the vulnerability for all Buffer customers. That means for your security, you’ll be logged out of your Buffer account and will need to sign back in. We know this isn’t ideal, and we’re really sorry to add these additional steps to your day.

What you can do to stay safe

Since we’ve made these updates, your data is now safe in Buffer. We would encourage you to change your password for Buffer and any other site that you log in with. (Check first to make sure they’ve fixed the vulnerability, though – otherwise you might have to change it again later. Services like Lastpass can help you navigate which sites are vulnerable and when you’re clear to change your password.) 

And i

f you haven’t activated Buffer’s optional 2-step login , now would be a great time to do that. It’s the most secure and safest way to handle your social media accounts. 

One final note: Although this security breach affects far more than just Buffer, we’re who you trusted with your data and we take that trust and responsibility very seriously. We’re really sorry this happened.

Got questions about Heartbleed, web vulnerabilities and Buffer? We’re here to help.

If you’re interested in more information about what the Heartbleed vulnerability is and things you can do to protect yourself, here are some great links.   Some of these links may be a bit technical, if you have any questions at all about this, just tweet us!

Brought to you by

Try Buffer for free

140,000+ small businesses like yours use Buffer to build their brand on social media every month

Get started now

Related Articles

OpenApr 24, 2024
TikTok 'Ban' Bill Signed into Law: What It Means for Buffer and How Creators & Marketers Can Prepare

TikTok's parent company must divest the app or face a ban in the U.S. Here's everything we know, plus how to plan ahead.

woman examining a floor to ceiling bookshelf
OpenMar 29, 2024
Lessons from Unreasonable Hospitality: A Favorite Read From Our Customer Advocacy Team

How the Buffer Customer Advocacy Team set up their book club, plus their key takeaways from their first read: Unreasonable Hospitality by Will Guidara.

ai in content
OpenMar 14, 2024
How Buffer’s Content Team Uses AI

In this article, the Buffer Content team shares exactly how and where we use AI in our work.

140,000+ people like you use Buffer to build their brand on social media every month