Update 4: February 26th, 6:49pm EST
None of the 1,552 affected accounts had two factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We are continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.
Update 3: February 26th, 6:20pm EST
Of the 618 Buffer accounts that posted unauthorized content, 766 posts were sent in total:
- 505 (66%) to Twitter
- 233 (30%) to Facebook
- and 28 (4%) to LinkedIn
Our team has taken steps to stop any further unauthorized posts from being sent.
Update 2: February 26th, 5:48pm EST
This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we are not yet certain.
Update 1: February 26th, 5:05pm EST
We’ve become aware that access was obtained to a number of Buffer accounts which have been used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We will update this thread as we know more.