Breach, Data Security, Incident Response, TDR, Threat Management

Saboteurs target OAuth protocol to compromise HootSuite users

A number of compromised HootSuite accounts were to blame for a recent influx of Twitter spam peddling dieting products.

After obtaining users' account details elsewhere, spammers were able to fraudulently sign into HootSuite – a popular dashboard tool that helps users manage their social networking profiles on Twitter, Facebook, LinkedIn, and other sites. Once signed in, miscreants tweeted links to dubious sites advertising Garcinia Cambogia weight loss pills.

According to a HootSuite statement emailed to SCMagazine.com on Tuesday, around 7,000 HootSuite users, which equates to less than .01 percent of its user base, were affected by the unauthorized HootSuite logins. The attacks happened after “unauthorized users” targeted a third-party application using OAuth, an authentication protocol that allows applications to interact which each other (or act on a user's behalf) without requiring them to share their passwords.

HootSuite claimed that its software was not hacked to carry out the fraudulent logins. Instead, “a small number of successful attempts to login to HootSuite were made using user IDs and passwords that were acquired elsewhere,” the company statement said.

A Monday article at TechCrunch first shed light on the spam campaign, which affected the Twitter timelines of some high-profile accounts, including those for Jane Fonda and the San Francisco Giants.

HootSuite first discovered the fraudulent login attempts July 26 and, on Aug. 20, the company introduced additional authentication measures to protect users from similar attacks.

As part of the spam campaign, scammers led users to bogus diet websites designed to collect their personal and financial information. In an effort to stop the spam, the third-party application that used OAuth was temporarily disabled.

“In this case, the unauthorized users accessed HootSuite through a third-party application using OAuth,” the statement said. “In response, we've temporarily disabled access to OAuth from the affected third-party online service, and will continue to deploy efforts to keep our users safe.”

Following the incidents, HootSuite has advised all impacted users to change their username and password, and to make sure they don't reuse their credentials across multiple sites.

Last month, a hacker claimed that he was able to get his hands on the Twitter account information of more than 15,000 users, including their OAuth token data, by manipulating the authentication protocol OAuth.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.