In this article:
Unauthorized social network activity
If you suspect the security of your Hootsuite account has been compromised, here are some things to check before reporting the incident to us:
- Did anyone else used to have or still have access to your social network accounts?
Solution: Change your individual social network passwords natively (in Twitter or Facebook, for example).
- Did anyone else used to have access to your Hootsuite account that shouldn’t anymore?
Solution: Change your Hootsuite account password
- Are you a member of a Hootsuite organization with other members who have access to the same social networks you do?
Solution: Check for organizations by clicking your profile picture ( by default) in the top-right corner of the dashboard.
- Do you have an RSS feed connected to your account that perhaps you’ve forgotten about? RSS feeds can go dormant for periods of time if there is no new content for them to post.
Solution: Check for RSS feeds by clicking your profile picture in the top-right corner of the dashboard, selecting Account & Settings, and then clicking RSS/Atom.
What you can do to avoid security threats
- Change your social network passwords periodically.
- Change your Hootsuite account password periodically.
- Revoke Hootsuite access to affected social networks.
- Don't click on links sent by people unfamiliar to you. If a link seems suspicious, hover your mouse over it. The destination web address will display in the bottom-left corner of your browser.
- Be aware of phishing scams that use sites or messages to imitate a contact or organization you know to get personal information from you. Report any password reset emails that you did not request.
- Confirm web addresses from Hootsuite. Always check the domain name being used. Phishing emails or web pages may look similar to https://hootsuite.com, but will often have spelling errors. The green lock icon and https in the browser address bar are indicators that the Hootsuite.com pages are secure and encrypted.
Copyright is the ownership of an intellectual property as defined by a nation's or international law. If you are unsure if you are a copyright holder, please consult an attorney. Hootsuite Media Inc. does not provide legal advice.
For more information, and details on how to report copyright infringement, see Hootsuite’s Copyright & IP Infringement Policy.
Report a security concern
Report security concerns here using the drop-down at the top of the page. Please include any related links or examples of the security concern. Thank you for helping us prevent future attacks.
What to report
- Unauthorized posts to your social networks.
- Phishing attempts (requests or attempts to gain access to your accounts or reset your account credentials).
These can be unrelated to social media (e.g. pretending to be a bank or app store asking for your credentials)
- Abusive ow.ly/owl.li/ht.ly/htl.li links sent to you (that may or may not have been clicked).
What not to report
- If the abuse is specific to one of your social network accounts (e.g. Facebook or Twitter), the incident needs to be reported directly to them.
- Forgotten Hootsuite account email or password. Please contact our customer support team at @Hootsuite_Help to recover your account information.
- You created your account with an email you can no longer access. Please contact our customer support team at @Hootsuite_Help to recover your account information.
How Hootsuite helps to keep your data safe
- When users access Hootsuite, they go through Secure Login. This means your Hootsuite credentials are encrypted through secure sockets layer (SSL), an encryption protocol that uses public-key crypto.
- Hootsuite only interacts with different social networks through application programming interface (API) calls.
- When pulling content from an API call, status updates are in plain text. Text is displayed as a hyperlink only when we detect an "http://" or “https://” prefix.
- Hootsuite uses open authorization (OAuth) when connecting to popular social networks such as Twitter. Once done initially, social networks generally do not need to connect again -- meaning connection to an external site for the purposes of integrating a social profile only needs to be done once. This also means Hootsuite does not store usernames and passwords for social networks on servers.
- Team collaboration uses one authorized account to connect the social network(s) via OAuth. This means no team members, even if they have administrative privileges, can connect the social profile to another Hootsuite account.
- Team collaboration offers multiple personnel social network account access without revealing account login credentials.
- Hootsuite provides in-stream link previews. This means users can view webpage content without accessing it.
- Hootsuite automatically quarantines abusive links hidden with Ow.ly URLs with a safety warning, using Google Safebrowsing and manual checks to determine whether a link may be unsafe. Hootsuite also takes additional steps of deleting the offending URL from the database, and blocking the source domain from accessing Ow.ly.