Article updated: June 24, 2021
Security and Hootsuite
Unauthorized social network activity
If you suspect the security of your Hootsuite account has been compromised, here are some things to check before reporting the incident to Hootsuite:
- Does anyone else have access to your social network accounts (either currently or in the past)?
Solution: Change your passwords in their associated social network applications (in Twitter or Facebook, for example) for each account.
- Does someone have access to your Hootsuite account who shouldn’t have access anymore?
Solution: Change your Hootsuite account password.
- Are you a member of a Hootsuite organization with other members who have access to the same social accounts you do?
Solution: You can go to My profile, and then select Manage accounts and teams to see if you are a member of an organization.
- Do you have an RSS feed connected to your account that perhaps you’ve forgotten about? RSS feeds can go dormant for periods of time when there is no new content for them to post.
Solution: You can go to My profile, select Account settings, preferences, and billing, and then select RSS/Atom to check for RSS feeds.
What you can do to avoid security threats
There are many steps you can take to protect your Hootsuite account from security threats, including:
- Change your social network passwords periodically.
- Change your Hootsuite account password periodically.
- Revoke Hootsuite access to affected social accounts. For more information, see Revoke Hootsuite access to a social account.
- Don't click on links sent by people unfamiliar to you. If a link seems suspicious, point to it to display and check the destination web address.
- Be aware of phishing scams that use sites or messages to imitate a contact or organization you know. Report any password reset emails that you did not request.
- Confirm web addresses from Hootsuite. Always check the domain name being used. Phishing emails or web pages may look similar to https://hootsuite.com, but will often have spelling errors. The green lock icon and https in the browser address bar are indicators that the Hootsuite.com pages are secure and encrypted.
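The domain check described in the last item, as an added example (not Hootsuite code): it parses a link and compares the host with hootsuite.com instead of judging by appearance, and shows that https alone does not make a link genuine. Treating subdomains of hootsuite.com as trusted, the function names and the sample .example hosts in the comments are assumptions.

```javascript
// Added example (not Hootsuite code). The trusted domain comes from the article;
// treating its subdomains as trusted is an assumption.
const TRUSTED = "hootsuite.com";
const BRAND = TRUSTED.split(".")[0];

// Levenshtein distance using one rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns "trusted", "lookalike", "not-https", "other" or "invalid".
function classifyLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return "invalid";
  }
  if (url.protocol !== "https:") return "not-https";
  // Text before "@" is userinfo, not the host, so it can disguise the real destination.
  if (url.username || url.password) return "lookalike";
  const host = url.hostname.replace(/\.$/, ""); // already lower-cased by URL
  // Exact match or a dot-separated subdomain; a bare suffix match is not enough.
  if (host === TRUSTED || host.endsWith("." + TRUSTED)) return "trusted";
  // Brand name embedded in another domain, or a near-miss spelling of it.
  // Constructed samples: hootsuite.com.login.example, hootsiute.example
  if (host.includes(BRAND)) return "lookalike";
  const nearMiss = host.split(".").some((label) => editDistance(label, BRAND) <= 2);
  return nearMiss ? "lookalike" : "other";
}
```

A "lookalike" result on an https link is the case the padlock cannot catch: the connection is encrypted, but the host is not hootsuite.com.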
Copyright is the ownership of an intellectual property as defined by a nation's or international law. If you are unsure if you are a copyright holder, please consult an attorney. Hootsuite Media Inc. does not provide legal advice.
For more information, and details on how to report copyright infringement, see Hootsuite’s Copyright & IP Infringement Policy.
Report a security concern
You can report a security concern directly to Hootsuite here. Select an option from the drop-down list at the top of the page, and include any related links or examples. Thank you for helping us prevent future attacks.
What to report
- Unauthorized posts to your social networks.
- Phishing attempts (requests or attempts to gain access to your accounts or reset your account credentials). These can be unrelated to social media (e.g. pretending to be a bank or app store asking for your credentials).
- Abusive ow.ly/owl.li/ht.ly/htl.li links sent to you (that may or may not have been accessed).
What not to report
- If the abuse is specific to one of your social network accounts (e.g. Facebook or Twitter), the incident needs to be reported directly to the social network.
- Forgotten Hootsuite account email or password. Please contact our customer support team at @Hootsuite_Help to recover your account information.
- Accounts created with an email you can no longer access. Please contact our customer support team at @Hootsuite_Help to recover your account information.
How Hootsuite helps to keep your data safe
Hootsuite implements multiple mechanisms and policies to protect user data, including the following:
- When users access Hootsuite, they go through Secure Login. This means your Hootsuite credentials are encrypted through secure sockets layer (SSL), an encryption protocol that uses public-key cryptography. Passwords are never saved or stored, and you will never be asked for your password.
- Hootsuite only interacts with social networks through application programming interface (API) calls.
- When pulling content from an API call, status updates are in plain text. Text is displayed as a hyperlink only when we detect an "http://" or "https://" prefix.
- Hootsuite uses open authorization (OAuth) when connecting to popular social networks such as Twitter. Once done initially, social networks generally do not need to connect again -- meaning connection to an external site for the purposes of integrating a social profile only needs to be done once. This also means Hootsuite does not store usernames and passwords for social networks on servers.
- Team collaboration uses one authorized account to connect the social network(s) via OAuth. This means no team members, even if they have administrative privileges, can connect the social profile to another Hootsuite account.
- Team collaboration gives multiple team members access to social network accounts without revealing account login credentials.
- Hootsuite provides in-stream link previews. This means users can view webpage content without accessing it.
- Hootsuite automatically quarantines abusive links hidden with Ow.ly URLs with a safety warning, using Google Safe Browsing and manual checks to determine whether a link may be unsafe. Hootsuite also takes the additional steps of deleting the offending URL from the database, and blocking the source domain from accessing Ow.ly.
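The plain-text rule in the list above (text becomes a hyperlink only when it carries an "http://" or "https://" prefix), sketched as an added example. This is not Hootsuite's code; the function names and the rel attribute are assumptions.

```javascript
// Added example (not Hootsuite code): render an API status update as plain
// text and turn only explicit http:// or https:// URLs into links.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Candidate links must start with the scheme prefix; "www." or other schemes never match.
const URL_RE = /\bhttps?:\/\/[^\s<>"']+/gi;

function renderStatus(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    // Sentence punctuation at the end belongs to the text, not the URL.
    const url = m[0].replace(/[.,;:!?)]+$/, "");
    let parsed = null;
    try {
      parsed = new URL(url);
    } catch (e) {
      // Not a parseable URL: leave it in the text and escape it below.
    }
    if (!parsed || !["http:", "https:"].includes(parsed.protocol)) continue;
    out += escapeHtml(text.slice(last, m.index));
    out += `<a href="${escapeHtml(parsed.href)}" rel="noopener noreferrer">${escapeHtml(url)}</a>`;
    last = m.index + url.length;
  }
  // Everything that is not a recognised link is escaped, so markup stays inert.
  return out + escapeHtml(text.slice(last));
}
```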