HootSuite hacked

Yesterday, there was a large hack on many HootSuite accounts, including mine. This resulted in a bunch of weight-loss spam posts on many of the 70+ pages we manage for clients. Within minutes, Tiffany, Cara and Titania (our social media team) were calling and texting me, and were online cleaning up the garbage posts and posting apologies. I immediately changed my password everywhere and de-activated HootSuite for the time being.

I have several messages in to HootSuite and right now, they are saying the hack was initiated on fewer than a thousand accounts and that the hackers got in through a third-party app, not through HootSuite. In following the chatter on Twitter, it appears that many more than a thousand accounts were compromised, and all are concerned that the problem originated with HootSuite.

I wish I could tell you that HootSuite has fixed this. They have not identified which third-party app was vulnerable and allowed this hack. Tiffany has spoken with several other folks she knows who changed their HootSuite password but still got hacked again. This means the remedy HootSuite is proposing is not working.

And this morning, I see on the HootSuite Help feed that a number of people are having problems changing their passwords.

For those of you who also use HootSuite, we recommend that you de-activate HootSuite's ability to post to any of your pages for the next day or two, at least until we get more information. To do this, you'll need to:


1) Change your HootSuite password to something impossible. Lots of letters. Use caps and lowercase. Use numbers. Write it down.

2) Go to Facebook and your account settings. On the left-hand side of your account settings page, you will see a link for "apps." Go through all of them and REMOVE HootSuite.

3) Go to Twitter's settings. You will also see a link for apps. Remove HootSuite.

4) Change your Facebook and Twitter passwords.

5) If you are using HootSuite to post to Google+ or LinkedIn, go to your account settings on those pages and de-activate it there as well.

As we learn more, we will post updates on our Facebook page: https://www.facebook.com/newthoughtmktg