Popular social media management tool HootSuite is back online following a large distributed denial-of-service (DDoS) attack that took its service offline. On Thursday morning, March 20, 2014, HootSuite fell offline for several hours for unknown reasons.
Starting at around 9:45 a.m. EST, users trying to access HootSuite were unable to connect after a malicious hacker flooded the service. During the attack, HootSuite’s dashboard and mobile APIs were knocked offline.
HootSuite’s CEO, Ryan Holmes, published an official blog post shortly afterward regarding the attack. Holmes assured users that no customer data was compromised in the attack. He also went over what happened and how HootSuite plans to stop malicious floods in the future. Holmes’s statement reads:
“While HootSuite users were for a short time unable to access the dashboard, service has now been restored, and no customer data was compromised. Only web traffic to the dashboard and mobile APIs was affected. HootSuite Engineering and Security teams were able to respond immediately, and are working with hosting providers to mitigate the impact of any future attacks.”
HootSuite is a popular social media tool that allows users to connect all their social media profiles into one program.
Just last fall, several thousand HootSuite users had their accounts briefly hacked in a malicious pharmaceutical phishing attack. While HootSuite was not directly hacked, the phishing attack targeted accounts protected by weak passwords. HootSuite acknowledged the attack, stating that a “small number of successful attempts to log in to HootSuite were made using user IDs and passwords that were acquired elsewhere.”
HootSuite implemented a large number of security measures just last summer. These measures help prevent password theft; one of them, Social Verification, requires verification through a Twitter or Facebook account connected to HootSuite when the account logs in from an unusual location.
“Twitter mandated earlier this year that companies such as Hootsuite using the service’s application programming interface (API) only accept traffic traveling via Transport Layer Security (TLS) or Secure Sockets Layer (SSL). The move was largely done to harden user security for those who use third-party apps by encrypting sensitive information via HTTPS,” Threatpost reported.