As a result of the hack, which occurred on Saturday, some of Buffer’s 1 million registered users that linked their Facebook or Twitter pages to Buffer inadvertently sent out spam messages. After the hack was discovered, Buffer urged users to closely monitor their social media feeds for any spam-like posts, although they also assured users that sensitive information (i.e., passwords or billing information) was safe.
According to this blog entry from Buffer’s website, the hackers were able to steal Facebook and Twitter access tokens from some users, although they were unable to obtain any data beyond that, such as passwords and billing information. Fortunately, Buffer was able to stop the hackers by invalidating Twitter access tokens and adding encryption for any tokens created after the hack, and also by adding an extra security parameter for Facebook access tokens. Buffer has assured users that their information is now safe as a result of these security measures.