Social media management system Hootsuite recovered rapidly from a denial of service (DoS) attack late last week, bouncing back after being offline for a few hours Thursday morning.
During that time, starting around 9:45 a.m. EST, users of the site were unable to use the service after a malicious actor flooded its services and brought its dashboard and mobile APIs offline.
The company’s CEO, Ryan Holmes, insisted in a short blog post that no customer data was compromised in the attack, and claimed that the company was quick to respond and was in the midst of working on a solution to prevent future attacks.
“HootSuite Engineering and Security teams were able to respond immediately, and are working with hosting providers to mitigate the impact of any future attacks.”
Similar to Tweetdeck, Hootsuite is a web-based dashboard client used by social media professionals to manage Twitter.
Several thousand of the service’s users had their accounts briefly hacked last fall to send out a barrage of pharmaceutical phishing spam. While Hootsuite wasn’t compromised per se, the company did blame the spamming on weak passwords and at the time acknowledged that a “small number of successful attempts to log in to HootSuite were made using user IDs and passwords that were acquired elsewhere.”
The service implemented a handful of security methods last summer to prevent further password theft, including Social Verification (verification using Twitter or Facebook log-in credentials associated with HootSuite accounts) and Location Verification (verification if the account logs in from an unusual location).
Twitter mandated earlier this year that companies such as Hootsuite using the service’s application programming interface (API) only accept traffic traveling via Transport Layer Security (TLS) or Secure Sockets Layer (SSL). The move was largely done to harden user security for those who use third-party apps by encrypting sensitive information via HTTPS.