Saboteurs target OAuth protocol to compromise HootSuite users

A number of compromised HootSuite accounts were to blame for a recent influx of Twitter spam peddling dieting products.

After obtaining users’ account details elsewhere, spammers were able to fraudulently sign into HootSuite – a popular dashboard tool that helps users manage their social networking profiles on Twitter, Facebook, LinkedIn, and other sites. Once signed in, miscreants tweeted links to dubious sites advertising Garcinia Cambogia weight loss pills.

According to a HootSuite statement emailed to SCMagazine.com on Tuesday, around 7,000 HootSuite users, which equates to less than .01 percent of its user base, were affected by the unauthorized HootSuite logins. The attacks happened after “unauthorized users” targeted a third-party application using OAuth, an authentication protocol that allows applications to interact with each other (or act on a user’s behalf) without requiring users to share their passwords.

HootSuite claimed that its software was not hacked to carry out the fraudulent logins. Instead, “a small number of successful attempts to login to HootSuite were made using user IDs and passwords that were acquired elsewhere,” the company statement said.