Entry to some Buffer accounts has been obtained, right here’s what we all know

Update 4: February 26th, 6:49pm EST

None of the 1,552 affected accounts had two factor authentication (2FA) enabled, further indicating that this was likely related to reused passwords. We are continuing to investigate. In the meantime, here’s how to turn on 2FA for your Buffer account.

Update 3: February 26th, 6:20pm EST

Of the 618 Buffer accounts that posted unauthorized content, 766 posts were sent in total:

• 505 (66%) to Twitter
• 233 (30%) to Facebook
• and 28 (4%) to LinkedIn

Our team has taken steps to stop any further unauthorized posts from being sent.

Update 2: February 26th, 5:48pm EST

This affected 1,552 accounts. Of those, 618 accounts posted unauthorized content. Our current understanding is that access was obtained through individual accounts, not through Buffer, likely through reused passwords, though we are not yet certain.

Update 1: February 26th, 5:05pm EST

We’ve become aware that access was obtained to a number of Buffer accounts which have been used to spread support for Russia’s invasion of Ukraine. This is very concerning to us. So far there is no indication of a breach to Buffer. We will update this thread as we know more.