Getting Hacked Sucks

I’ve been using social media for the better part of the last decade, and up until recently have never had a problem with spammers or having my account(s) hacked. I’m always careful to craft strong passwords and I try to enable two-factor authentication on any platform that provides it. However, even with those precautions, getting hacked is still a very real possibility for us all, and getting hacked sucks!

The Moment it Happens

I was out eating brunch with my wife a few weeks back enjoying a nice cheat meal (I’m trying out the 4 hour body lifestyle, so I’m allowed to cheat), when my phone inexplicably began to blow up with @ replies, direct messages, and Facebook comments. Even though it’s not uncommon for me to get such notifications, this seemed like something different. I hadn’t posted on any site within the past few hours, and the weekend is usually a pretty slow time for me in terms of interacting with followers, so I decided to check it out.

I had been hacked, and my accounts were spewing mindless spam messages about weight loss supplements. Luckily I have some very tech savvy friends/fans out there that quickly brought this to my attention, which allowed me remove the posts just minutes after they had been posted. While some will say that it’s “just a Twitter account” or “not the same as someone stealing your identity”, but I would argue that it’s in the same ballpark, at least in terms of emotional response. I felt violated, and at the same time helpless. Most services like Facebook and Twitter don’t make it easy or even possible to change your password from a mobile device, so I was literally unable to lock out whomever had gained access to my account.

We left the restaurant and headed home where I quickly jumped on my laptop to change all of my passwords for the services that had been compromised. I found it strange that only one message had been posted to each account and that I wasn’t locked out of either account, but I still didn’t want to take any chances so I updated my security settings and just chalked one up to lessons learned. Little did I know that my accounts were actually fine and nobody had hacked my password(s). The culprit, in fact, was a third-party service that I wasn’t even using anymore, which had access to both my Facebook and Twitter accounts that was causing this problem.

Buffer Fesses Up

As I was scrambling to update all of my passwords across multiple social networks and questioning my methods of security in their entirety, I came across a random retweet on twitter from Jason Calacanis:

Buffer is a social media tool that allows you to schedule and/or randomize social media postings to a variety of networks using their algorithm which is supposed to post at the most opportune times. I had tried this app about on year ago, didn’t like it, and basically forgotten that I even had an account with them. However, they apparently still had access to my accounts, and obviously I was one of the people affected by their security breach.

In their defense, Buffer took full responsibility for this problem and responded in a way that I could only describe as candid, heart-felt, and simply awesome. If only all companies were this good at holding themselves accountable for their mistakes (I’m looking at you airlines). I feel bad for them in a way because they didn’t really do anything wrong per say, but I still closed my account and will not use their service in the future.

What I Learned

The internet is never as secure as you or I would like to think it is. As long as we aren’t in the direct line of fire of most cyber attacks, we tend to just ignore them and think that it simply can’t happen to us. This incident has made me more aware of the fact that I should be more careful with my online properties and I should definitely be a little more selective with the apps and services that I choose to grant access to my online information.

We store so much information on our social media accounts and it’s foolish to think that information isn’t desirable to those who would choose to do you harm. After this happened to me I went through all of my connected applications and removed any that I didn’t think were absolutely necessary (including Buffer). I encourage you to go through your social media profiles and check to see what apps and services have access to your information. Do a serious audit of those connections and see which ones you can live without and remove them immediately. The only way to protect your information is to protect who or what has access to it.

How to Protect Yourself

If you’re not sure how to remove the aforementioned connections from your social profiles, here are the steps for each service that I use:


  1. Visit the Applications section of your profile
  2. Inspect the apps that have access to your account
  3. Click the small X to the right of apps you want to remove
  4. Confirm the removal of the app


  1. Visit the Applications section of your profile
  2. Inspect the apps that have access to your account
  3. Click “Revoke Access” next to apps you want to remove


  1. Visit the Applications section of your profile
  2. Inspect the apps that have access to your account
  3. Mouse over an app and click the pencil icon
  4. Choose “Disconnect App”


  1. Visit the Applications section of your profile
  2. Inspect the apps that have access to your account
  3. Check the box next to any apps you want to remove
  4. Click “Remove”


As long as we choose to live our lives in the public eye through sites like Facebook, Twitter, and LinkedIn, the information that we provide to these sites will always be at risk. Don’t expect the sites or their partners to be responsible for your safety. After all, these are the people that make millions of dollars off of your data on a daily basis, so I’m not real sure how concerned they are with keeping it safe to begin with. Stay vigilant and make sure you’re using secure passwords, two-factor authentication, and vetting the apps and services that have access to your information. That’s really all we can do at this point.