Saboteurs target OAuth protocol to compromise HootSuite users

A number of compromised HootSuite accounts were to blame for a recent influx of Twitter spam peddling dieting products.

After obtaining users' account details elsewhere, spammers were able to fraudulently sign into HootSuite – a popular dashboard tool that helps users manage their social networking profiles on Twitter, Facebook, LinkedIn, and other sites. Once signed in, miscreants tweeted links to dubious sites advertising Garcinia Cambogia weight loss pills.

According to a HootSuite statement emailed to SCMagazine.com on Tuesday, around 7,000 HootSuite users, which equates to less than 0.01 percent of its user base, were affected by the unauthorized HootSuite logins. The attacks happened after “unauthorized users” targeted a third-party application using OAuth, an authentication protocol that allows applications to interact with each other (or act on a user's behalf) without requiring users to share their passwords.

HootSuite claimed that its software was not hacked to carry out the fraudulent logins. Instead, “a small number of successful attempts to log in to HootSuite were made using user IDs and passwords that were acquired elsewhere,” the company statement said.

A Monday article at TechCrunch first shed light on the spam campaign, which affected the Twitter timelines of some high-profile accounts, including those for Jane Fonda and the San Francisco Giants.

HootSuite first discovered the fraudulent login attempts July 26 and, on Aug. 20, the company introduced additional authentication measures to protect users from similar attacks.

As part of the spam campaign, scammers led users to bogus diet websites designed to collect their personal and financial information. In an effort to stop the spam, the third-party application that used OAuth was temporarily disabled.

“In this case, the unauthorized users accessed HootSuite through a third-party application using OAuth,” the statement said. “In response, we've temporarily disabled access to OAuth from the affected third-party online service, and will continue to deploy efforts to keep our users safe.”

Following the incidents, HootSuite has advised all impacted users to change their username and password, and to make sure they don't reuse their credentials across multiple sites.

Last month, a hacker claimed that he was able to get his hands on the Twitter account information of more than 15,000 users, including their OAuth token data, by manipulating the authentication protocol OAuth.
