Buffer, an app that allows users to schedule their social media posts, has recently acknowledged that hackers breached their website.
The hackers managed to steal the facebook, twitter access tokens of users stored in their server that allowed the hackers to post Spam on behalf of Buffer's users.
However, CTO Sunil noted in their blog that hackers were not able to get access to any passwords, billing information or any other sensitive information.
The company immediately took a step and invalidate all twitter access tokens and added encryption for all of them. He also noted they are using an extra security parameter for facebook API calls to make it more secure.
The company managed to identify the source of the security breach and closed the vulnerability.