Saboteurs target OAuth protocol to compromise HootSuite users


A number of compromised HootSuite accounts were to blame for a recent influx of Twitter spam peddling dieting products.

After obtaining users' account details elsewhere, spammers were able to fraudulently sign into HootSuite – a popular dashboard tool that helps users manage their social networking profiles on Twitter, Facebook, LinkedIn, and other sites. Once signed in, miscreants tweeted links to dubious sites advertising Garcinia Cambogia weight loss pills.

According to a HootSuite statement emailed to on Tuesday, around 7,000 HootSuite users, which equates to less than .01 percent of its user base, were affected by the unauthorized HootSuite logins. The attacks happened after “unauthorized users” targeted a third-party application using OAuth, an authentication protocol that allows applications to interact with each other (or act on a user's behalf) without requiring users to share their passwords.

HootSuite claimed that its software was not hacked to carry out the fraudulent logins. Instead, “a small number of successful attempts to login to HootSuite were made using user IDs and passwords that were acquired elsewhere,” the company statement said.

A Monday article at TechCrunch first shed light on the spam campaign, which affected the Twitter timelines of some high-profile accounts, including those for Jane Fonda and the San Francisco Giants.

HootSuite first discovered the fraudulent login attempts July 26 and, on Aug. 20, the company introduced additional authentication measures to protect users from similar attacks.

As part of the spam campaign, scammers led users to bogus diet websites designed to collect their personal and financial information. In an effort to stop the spam, the third-party application that used OAuth was temporarily disabled.

“In this case, the unauthorized users accessed HootSuite through a third-party application using OAuth,” the statement said. “In response, we've temporarily disabled access to OAuth from the affected third-party online service, and will continue to deploy efforts to keep our users safe.”

Following the incidents, HootSuite has advised all impacted users to change their username and password, and to make sure they don't reuse their credentials across multiple sites.

Last month, a hacker claimed that he was able to get his hands on the Twitter account information of more than 15,000 users, including their OAuth token data, by manipulating the authentication protocol OAuth.
