How Buffer Has Reacted to the ‘Heartbleed Bug’ to Protect Our Customers

Apr 10, 2014 2 min readOpen
Photo of Courtney Seiter
Courtney Seiter

Former Director of People @ Buffer

heartbleed

You may have heard some talk recently about the “Heartbleed bug.” That’s the scary-named vulnerability that was just discovered in the software library that protects many sites on the internet – including Buffer.

We wanted to make sure to tell you exactly what we know and what we’ve done about Heartbleed at Buffer to keep your information as safe as possible.

What is Heartbleed?

The Heartbleed bug was just recently discovered on April 7th in OpenSSL, a kind of cryptography software that protects an estimated 66%+ of the entire web. It can allow anyone on the internet to decrypt protected web traffic and potentially uncover names, passwords, and content you send to secure web sites. Although it was just found, the bug has been around for more than two years, which means a lot of sites that we all use every day may have been affected. That’s the gist, but you can learn a lot more about it at the Heartbleed FAQ.

How Buffer has reacted

To fix the vulnerability in Buffer, we have worked with Amazon Web Services to patch the vulnerability and re-keyed all of our SSL certificates. This closed the vulnerability for all Buffer customers. That means for your security, you’ll be logged out of your Buffer account and will need to sign back in. We know this isn’t ideal, and we’re really sorry to add these additional steps to your day.

What you can do to stay safe

Since we’ve made these updates, your data is now safe in Buffer. We would encourage you to change your password for Buffer and any other site that you log in with. (Check first to make sure they’ve fixed the vulnerability, though – otherwise you might have to change it again later. Services like Lastpass can help you navigate which sites are vulnerable and when you’re clear to change your password.) 

And i

f you haven’t activated Buffer’s optional 2-step login , now would be a great time to do that. It’s the most secure and safest way to handle your social media accounts. 

One final note: Although this security breach affects far more than just Buffer, we’re who you trusted with your data and we take that trust and responsibility very seriously. We’re really sorry this happened.

Got questions about Heartbleed, web vulnerabilities and Buffer? We’re here to help.

If you’re interested in more information about what the Heartbleed vulnerability is and things you can do to protect yourself, here are some great links.   Some of these links may be a bit technical, if you have any questions at all about this, just tweet us!

Brought to you by

Try Buffer for free

140,000+ small businesses like yours use Buffer to build their brand on social media every month

Get started now

Related Articles

ai in content
OpenMar 14, 2024
How Buffer’s Content Team Uses AI

In this article, the Buffer Content team shares exactly how and where we use AI in our work.

OpenMar 13, 2024
TikTok Might be Banned in the U.S.: What It Means for Buffer and How Marketers Can Prepare

Here we go again. If you work in social media, it’s nothing new to adapt and change your strategy based on the ever-changing algorithms and the rise and fall of social networks. (Who else was on Vine? 🙋🏻‍♀️) But, of course, we wish you didn’t have to. The latest wave for social media marketers and creators is that TikTok might be banned in the U.S. The short-form video app has become one of the most widely-used social media platforms and is credited with impacting trends and cultural shifts.

buffer retreat advice
OpenMar 1, 2024
How to Handle a Retreat: 16 Tips from Bufferoos as We Head to Cancún

The Buffer team is heading out on our first retreat since 2019! I asked the retreat veterans for advice on making the most of the trip as a newbie.

140,000+ people like you use Buffer to build their brand on social media every month