New!Schedule Threads!Threads scheduling has arrived!Threads scheduling has arrived on Buffer! Find your community now.Threads scheduling has arrived on Buffer! Find your community and keep the conversation going.Learn more

Unauthorized access to some Buffer accounts has been resolved, here’s what happened

Feb 26, 2022 2 min readOpen
Photo of Hailley Griffis
Hailley Griffis

Head of Communications & Content @ Buffer

On February 26th, our team became aware that access was obtained to a number of Buffer accounts and those accounts were used to spread support for Russia’s invasion of Ukraine. The accounts affected did not have two factor authentication (2FA) enabled, indicating that this was likely related to reused passwords as there continues to be no indication of a breach to Buffer.

In total, 1,552 accounts were accessed, and of those, 618 accounts posted unauthorized content for a total of 766 unauthorized posts sent. They were primarily sent to Twitter (505 posts) and Facebook (233 posts), with the final few sent on LinkedIn (28 posts).

Our team quickly took action to stop further unauthorized posts from being sent and successfully removed 100% of unauthorized posts across Twitter, LinkedIn, and Facebook . We also contacted every impacted Buffer user with recommended steps to take the same day.

We're still investigating the origin of these posts and in the meantime are continuing to encourage all Buffer users to turn on 2FA for your Buffer account.

Live updates

Update 7: March 1st, 2:57 pm EST

Our team was able to access and delete the final 4% of unauthorized posts sent via LinkedIn, which completes the updates for this blog post.

Update 6: February 27th, 9:08 am EST

Since our last update, our team has successfully removed unauthorized posts on Twitter and Facebook (96% of total posts). We’ve hit a snag with LinkedIn posts and are still working to remove those remaining 28 posts.

Every impacted Buffer user whose account was affected has been contacted with recommended steps to take. If you were impacted and need further assistance or our team can help with anything please get in touch via hello@buffer.com.

We are so grateful for your trust and patience while we got to the bottom of this. 💙

We’ll keep this blog post updated as our team continues to investigate the origin of these unauthorized posts.

Update 5: February 26th, 7:49 pm

Our first priority has been investigating the unauthorized access into Buffer accounts while preventing future access and blocking suspicious traffic. Now, we are beginning the process of removing unauthorized posts and are aiming to successfully remove all unauthorized posts.

Update 4: February 26th, 6:49pm EST

None of the 1,552 affected accounts had two factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We are continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.

Update 3: February 26th, 6:20 pm EST

Of the 618 Buffer accounts that posted unauthorized content, 766 posts were sent in total:

  • 505 (66%) to Twitter
  • 233 (30%) to Facebook
  • and 28 (4%) to LinkedIn

Our team has taken steps to stop any further unauthorized posts from being sent.

Update 2: February 26th, 5:48 pm EST

This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we are not yet certain.

Update 1: February 26th, 5:05 pm EST

We’ve become aware that access was obtained to a number of Buffer accounts which have been used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We will update this thread as we know more.

Brought to you by

Try Buffer for free

140,000+ small businesses like yours use Buffer to build their brand on social media every month

Get started now

Related Articles

OverflowJul 12, 2024
How We're Preventing Breaking Changes in GraphQL APIs at Buffer — and Why It's Essential for Our Customers

As part of our commitment to transparency and building in public, Buffer engineer Joe Birch shares how we’re doing this for our own GraphQL API via the use of GitHub Actions.

OpenApr 24, 2024
TikTok 'Ban' Bill Signed into Law: What It Means for Buffer and How Creators & Marketers Can Prepare

TikTok's parent company must divest the app or face a ban in the U.S. Here's everything we know, plus how to plan ahead.

woman examining a floor to ceiling bookshelf
OpenMar 29, 2024
Lessons from Unreasonable Hospitality: A Favorite Read From Our Customer Advocacy Team

How the Buffer Customer Advocacy Team set up their book club, plus their key takeaways from their first read: Unreasonable Hospitality by Will Guidara.

140,000+ people like you use Buffer to build their brand on social media every month