Saboteurs target OAuth protocol to compromise HootSuite users

A number of compromised HootSuite accounts were to blame for a recent influx of Twitter spam peddling dieting products.

After obtaining users' account details elsewhere, spammers were able to fraudulently sign into HootSuite – a popular dashboard tool that helps users manage their social networking profiles on Twitter, Facebook, LinkedIn, and other sites. Once signed in, miscreants tweeted links to dubious sites advertising Garcinia Cambogia weight loss pills.

According to a HootSuite statement emailed to on Tuesday, around 7,000 HootSuite users, which equates to less than .01 percent of its user base, were affected by the unauthorized HootSuite logins. The attacks happened after “unauthorized users” targeted a third-party application using OAuth, an authentication protocol that allows applications to interact with each other (or act on a user's behalf) without requiring users to share their passwords.

HootSuite claimed that its software was not hacked to carry out the fraudulent logins. Instead, “a small number of successful attempts to login to HootSuite were made using user IDs and passwords that were acquired elsewhere,” the company statement said.

A Monday article at TechCrunch first shed light on the spam campaign, which affected the Twitter timelines of some high-profile accounts, including those for Jane Fonda and the San Francisco Giants.

HootSuite first discovered the fraudulent login attempts July 26 and, on Aug. 20, the company introduced additional authentication measures to protect users from similar attacks.

As part of the spam campaign, scammers led users to bogus diet websites designed to collect their personal and financial information. In an effort to stop the spam, the third-party application that used OAuth was temporarily disabled.

“In this case, the unauthorized users accessed HootSuite through a third-party application using OAuth,” the statement said. “In response, we've temporarily disabled access to OAuth from the affected third-party online service, and will continue to deploy efforts to keep our users safe.”

Following the incidents, HootSuite has advised all impacted users to change their username and password, and to make sure they don't reuse their credentials across multiple sites.

Last month, a hacker claimed that he was able to get his hands on the Twitter account information of more than 15,000 users, including their OAuth token data, by manipulating the authentication protocol OAuth.
