In this article:
Unauthorized social network activity
If you suspect the security of your Hootsuite account has been compromised, here are some things to check before reporting the incident to us:
- Did anyone else used to have or still have access to your social network accounts?
Solution: Change your individual social network passwords natively (in Twitter or Facebook, for example).
- Did anyone else used to have access to your Hootsuite account that shouldn’t anymore?
Solution: Change your Hootsuite account password
- Are you a member of a Hootsuite organization with other members who have access to the same social networks you do?
Solution: Check for organizations by clicking your profile picture ( by default) in the top-right corner of the dashboard.
- Do you have an RSS feed connected to your account that perhaps you’ve forgotten about? RSS feeds can go dormant for periods of time if there is no new content for them to post.
Solution: Check for RSS feeds by clicking your profile picture in the top-right corner of the dashboard, selecting Account & Settings, and then clicking RSS/Atom.
Report a security concern
Report security concerns here using the drop-down at the top of the page. Please include any related links or examples of the security concern.
What to report
- Unauthorized posts to your social networks.
- Phishing attempts (requests or attempts to gain access to your accounts or reset your account credentials).
These can be unrelated to social media (e.g. pretending to be a bank or app store asking for your credentials)
- Abusive ow.ly/owl.li/ht.ly/htl.li links sent to you (that may or may not have been clicked).
What not to report
- If the abuse is specific to one of your social network accounts (e.g. Facebook or Twitter), the incident needs to be reported directly to them.
- You have forgotten your Hootsuite account email or password. Please contact our customer support team at @Hootsuite_Help to recover your account information.
- You created your account with an email you can no longer access. Please contact our customer support team at @Hootsuite_Help to recover your account information.
What you can do to avoid security threats
- Change your social network passwords.
- Change your Hootsuite account password.
- Revoke Hootsuite access to the affected social network.
- Don't click on links sent by people unfamiliar to you.
How Hootsuite helps to keep your data safe
- When users access Hootsuite, they go through Secure Login. This means your Hootsuite credentials are encrypted through secure sockets layer (SSL), an encryption protocol that uses public-key crypto.
- Hootsuite only interacts with different social networks through application programming interface (API) calls.
- When pulling content from an API call, status updates are in plain text. Text is displayed as a hyperlink only when we detect an "http://" or “https://” prefix.
- Hootsuite uses open authorization (OAuth) when connecting to popular social networks such as Twitter. Once done initially, social networks generally do not need to connect again -- meaning connection to an external site for the purposes of integrating a social profile only needs to be done once. This also means Hootsuite does not store usernames and passwords for social networks on servers.
- Team collaboration uses one authorized account to connect the social network(s) via OAuth. This means no team members, even if they have administrative privileges, can connect the social profile to another Hootsuite account.
- Team collaboration offers multiple personnel social network account access without revealing account login credentials.
- Hootsuite provides in-stream link previews. This means users can view webpage content without accessing it.
- Hootsuite automatically quarantines abusive links hidden with Ow.ly URLs with a safety warning, using Google Safebrowsing and manual checks to determine whether a link may be unsafe. Hootsuite also takes additional steps of deleting the offending URL from the database, and blocking the source domain from accessing Ow.ly.