Unauthorized access to some Buffer accounts has been resolved, here’s what happened
Head of Communications & Content @ Buffer
On February 26th, our team became aware that access was obtained to a number of Buffer accounts and those accounts were used to spread support for Russia’s invasion of Ukraine. The accounts affected did not have two factor authentication (2FA) enabled, indicating that this was likely related to reused passwords as there continues to be no indication of a breach to Buffer.
In total, 1,552 accounts were accessed, and of those, 618 accounts posted unauthorized content for a total of 766 unauthorized posts sent. They were primarily sent to Twitter (505 posts) and Facebook (233 posts), with the final few sent on LinkedIn (28 posts).
Our team quickly took action to stop further unauthorized posts from being sent and successfully removed 100% of unauthorized posts across Twitter, LinkedIn, and Facebook. We also contacted every impacted Buffer user with recommended steps to take the same day.
We're still investigating the origin of these posts and in the meantime are continuing to encourage all Buffer users to turn on 2FA for your Buffer account.
Live updates
Update 7: March 1st, 2:57 pm EST
Our team was able to access and delete the final 4% of unauthorized posts sent via LinkedIn, which completes the updates for this blog post.
Update 6: February 27th, 9:08 am EST
Since our last update, our team has successfully removed unauthorized posts on Twitter and Facebook (96% of total posts). We’ve hit a snag with LinkedIn posts and are still working to remove those remaining 28 posts.
Every impacted Buffer user whose account was affected has been contacted with recommended steps to take. If you were impacted and need further assistance, or our team can help with anything, please get in touch via hello@buffer.com.
We are so grateful for your trust and patience while we got to the bottom of this. 💙
We’ll keep this blog post updated as our team continues to investigate the origin of these unauthorized posts.
Update 5: February 26th, 7:49 pm
Our first priority has been investigating the unauthorized access into Buffer accounts while preventing future access and blocking suspicious traffic. Now, we are beginning the process of removing unauthorized posts and are aiming to successfully remove all unauthorized posts.
Update 4: February 26th, 6:49 pm EST
None of the 1,552 affected accounts had two factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We are continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.
Update 3: February 26th, 6:20 pm EST
Of the 618 Buffer accounts that posted unauthorized content, 766 posts were sent in total:
- 505 (66%) to Twitter
- 233 (30%) to Facebook
- and 28 (4%) to LinkedIn
Our team has taken steps to stop any further unauthorized posts from being sent.
Update 2: February 26th, 5:48 pm EST
This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we are not yet certain.
Update 1: February 26th, 5:05 pm EST
We’ve become aware that access was obtained to a number of Buffer accounts which have been used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We will update this thread as we know more.