Security Incident: Buffer Social Media App Hacked

Over this past weekend, a popular social media application called ‘Buffer’ was compromised, allowing third parties to post under assumed credentials. This potentially allowed Buffer to be misused to post embarrassing tweets and Facebook posts and to cause other reputational damage on social media. The official Buffer blog covered the issue and response in detail.

Buffer handled the incident well, providing full transparency and doing so quickly. What it highlights, however, is the continued need for account and application-level control and governance for organizations. For example, while this compromise allowed Buffer to post on behalf of authorized users, consider the permissions that the app requested and gained for users who opted to associate it with their Google OAuth credentials:

[Image: Buffer App Permissions]

Had the compromise been only slightly different, this same app could have been used to misappropriate large numbers of organizational contacts and even modify Google+ business pages.

In this case, customers of CloudLock’s Apps Firewall platform were able to quickly identify and revoke Buffer’s access to their domain. They were able to respond to the incident by revoking all user access to the application and banning it until the incident had passed, pending a review of whether this type of application should be present within the domain.

[Video: Apps Firewall Dashboard (1:14)]

Application whitelisting is a well-known concept for on-premises networks. With Apps Firewall, Google Apps customers can benefit from the same enterprise security capabilities they had before migrating to the cloud. Contact us today if you would like more information on how to implement the CloudLock platform within your organization.
