Over this past weekend, a popular social media application called ‘Buffer’ was compromised, allowing third parties to post under assumed credentials. This potentially allowed Buffer to be misused to post embarrassing tweets, Facebook posts, and other social media reputation damage. The official Buffer blog covered the issue and response in detail.
Buffer handled the incident well, providing full transparency and doing so quickly. What it highlights, however, is the continued need for account- and application-level control and governance for organizations. For example, while this compromise allowed Buffer to post on behalf of authorized users, consider the permissions that the app requested and gained for users who opted to associate it with their Google OAuth credentials:
Had the compromise been only slightly different, this same app could have been used to misappropriate large numbers of organizational contacts and even modify Google+ business pages.
In this case, customers of CloudLock’s Apps Firewall platform were able to quickly identify and revoke Buffer’s access to their domain. They were able to respond to the incident by revoking all user access to the application and banning it until the incident had passed, and pending review as to whether this type of application should be present within the domain.
Application whitelisting is a well-known concept for on-premises networks. Google Apps customers can benefit from the same enterprise security capabilities they used to have before migrating to the cloud with Apps Firewall — contact us today if you would like more information on how to implement the CloudLock platform within your organization.
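The identify-and-revoke decision described above (ban the compromised app for every user, keep allowlisted apps, and treat unreviewed apps by the scopes they hold), written out as an added example that is not CloudLock's or Buffer's code. The grant records, user names and client ids are constructed placeholders; the two high-risk scopes are real Google scope URLs chosen to stand for contact access and acting as the user.

```python
from dataclasses import dataclass
from collections import defaultdict

# Scopes treated as high risk: they reach organizational contact data or let the
# app act as the user. A real review would take the scope list from each grant.
HIGH_RISK_SCOPES = {
    "https://www.google.com/m8/feeds",          # Google Contacts read/write
    "https://www.googleapis.com/auth/plus.me",  # act as the user's Google+ identity
}

@dataclass(frozen=True)
class Grant:
    user: str
    client_id: str      # OAuth client id of the third-party app
    scopes: frozenset   # scopes the user consented to

def evaluate(grants, allowlist, banned):
    """Return (grant, action, reason) tuples; action is allow, flag or revoke.
    Banned apps are revoked for every user regardless of scope; unreviewed apps
    are revoked only when they hold a high-risk scope, otherwise flagged."""
    decisions = []
    for g in grants:
        if g.client_id in banned:
            decisions.append((g, "revoke", "banned pending incident review"))
        elif g.client_id in allowlist:
            decisions.append((g, "allow", "allowlisted"))
        elif risky := sorted(g.scopes & HIGH_RISK_SCOPES):
            decisions.append((g, "revoke", "unreviewed app holds " + ", ".join(risky)))
        else:
            decisions.append((g, "flag", "unreviewed app, low-risk scopes only"))
    return decisions

def users_to_revoke(decisions):
    """client_id -> sorted users whose grant must be revoked: the work list an
    admin feeds to the identity provider's per-user token revocation."""
    out = defaultdict(set)
    for g, action, _ in decisions:
        if action == "revoke":
            out[g.client_id].add(g.user)
    return {cid: sorted(users) for cid, users in out.items()}

# Constructed sample grants (placeholder users and client ids, not real identifiers).
CONTACTS, EMAIL = "https://www.google.com/m8/feeds", "https://www.googleapis.com/auth/userinfo.email"
SAMPLE_GRANTS = [
    Grant("alice@example.com", "banned-app.example", frozenset({CONTACTS, EMAIL})),
    Grant("bob@example.com", "banned-app.example", frozenset({EMAIL})),
    Grant("carol@example.com", "approved-crm.example", frozenset({CONTACTS})),
    Grant("dave@example.com", "unreviewed-app.example", frozenset({EMAIL})),
]
ALLOWLIST = {"approved-crm.example"}
BANNED = {"banned-app.example"}
```

Running `evaluate(SAMPLE_GRANTS, ALLOWLIST, BANNED)` revokes both banned-app grants (bob's low-risk scope does not save it, since the ban is per application), keeps carol's allowlisted CRM despite its contacts scope, and only flags dave's unreviewed low-risk app.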