Article updated: November 16, 2021
Security and Hootsuite
We are serious about security. We use many mechanisms and policies to protect user data. These include the following:
- Access to Hootsuite uses Secure Login. We use secure sockets layer (SSL) to encrypt your Hootsuite credentials. SSL is an encryption protocol that uses public-key cryptography. We do not save or store passwords, and we will never asked for your password.
- Hootsuite only interacts with social networks through application programming interface (API) calls.
- When pulling content using an API call, we get status updates in plain text. We only display hyperlinks when we detect an "http://" or “https://” prefix.
- Hootsuite uses open authorization (OAuth) to connect to popular social networks (like Twitter). Once you connect, social networks generally do not need to connect again. This means that we do not need to connect to get your social account from an external site again and again. We do not store usernames and passwords for social networks on our servers.
- Team collaboration uses OAuth to connect one authorized account to the social accounts. Team members, even those with administrative privileges, cannot connect it to another Hootsuite account.
- Team collaboration does not share or show any account login credentials.
- Hootsuite provides in-stream link previews. This means users can view web page content without accessing it.
- Hootsuite quarantines abusive links hidden with Ow.ly URLs. We use Google Safe Browsing and manual checks to determine whether a link may be unsafe. Then we delete the offending URL from the database and block the source domain from accessing the unsafe links.
Unauthorized social network activity
If you suspect that your Hootsuite account has been compromised, check the following before you report the incident to Hootsuite:
- Does anyone else have access to your social network accounts (either currently or in the past)?
Solution: Change the password for each account in the social network (in Twitter or Facebook, for example).
- Does someone have access to your Hootsuite account who shouldn’t?
Solution:Change your Hootsuite account password.
- Are you a member of a Hootsuite organization that shares access to social accounts with other members?
Solution: Go to My profile, and then select Manage accounts and teams to see if you are a member of an organization. Learn how to remove a member from an organization, team, or social account.
- Do you have an RSS feed app connected to your account that you’ve forgotten about? RSS feeds may go dormant when there is no new content for them to post.
Solution: Go to My profile, select Install Hootsuite apps, and then select Installed. Check for installed or running apps.
What you can do to avoid security threats
You can do a lot to protect your Hootsuite account from security threats. These include the following:
- Periodically change your social network passwords.
- Periodically change your Hootsuite account password.
- Revoke Hootsuite access to affected social accounts. See Revoke Hootsuite access to a social account.
- Don't click on links sent to you by unfamiliar people. If a link seems suspicious, check the destination web address before you click on it.
- Be aware of phishing scams that use sites or messages to imitate a contact or organization you know.
- Report any password reset emails that you did not request.
- Confirm web addresses from Hootsuite. Always check the domain name. Phishing emails or web pages may try to look like https://hootsuite.com, but they often have spelling errors. The lock icon and https:// in the browser address bar indicate that the Hootsuite.com pages are secure and encrypted.
Copyright is the ownership of an intellectual property as defined by national or international law. If you are unsure if you are a copyright holder, please consult an attorney. Hootsuite Media Inc. does not provide legal advice.
For information on how to report copyright infringement, see Hootsuite’s Copyright & IP Infringement Policy.
Report a security concern
You can report a security concern to Hootsuite here. Select an option from the list at the top of the page and include any related links or examples. Thank you for helping us prevent future attacks.
What to report
- Unauthorized posts to your social accounts.
- Phishing attempts. These are attempts to gain access to your accounts or reset your account credentials. These may not be about social media (for example, someone pretending to be a bank or an app store).
- Abusive ow.ly/owl.li/ht.ly/htl.li links sent to you (whether you access them or not).
What not to report
- Abuse. If abuse is specific to one of your social accounts, report it to the social network (for example, Facebook or Twitter).
- Forgotten Hootsuite account email or password. Please contact our customer support team at @Hootsuite_Help.
- Accounts created with an email you can no longer access. Please contact our customer support team at @Hootsuite_Help.