Sunrise “smart calendar” app warns of iCloud on the horizon after hack

Smart calendar app Sunrise has revealed it fell victim to the same cyberattack which saw social sharing app Buffer sending out thousands of weight-loss spam posts – and has warned users who link their Sunrise account to iCloud that they may be at risk.

In an update released on the company blog, CEO Pierre Valade said that users’ Google, Twitter and Facebook data are safe – and that users of LinkedIn and FourSquare will have to reconnect those services to Twitter.

Valade issued a warning to users who had connected an iCloud calendar to the app, saying, “the security breach may have put some of your calendar data at risk. As a precautionary measure, we recommend that you change your iCloud password and reconnect it to Sunrise.”

The Next Web reports that other companies were also affected – including developer product CircleCI. The Buffer incident happened after a hacker gained access to cloud-based database services company Mongo HQ, according to The Next Web.

Mongo HQ said that attackers gained access via a password that was shared with a compromised personal email account, according to ESecurityPlanet.
“As one of the many precautional measures we are taking, we will be logging every Sunrise user out of the app. Simply log back in using the “I’m Already a Sunrise User” button and choosing one of the options that you had previously connected to your account,” said Valade. “We are incredibly sorry that this happened. Your security is very important to us, and once we were aware of the issue we took immediate steps to protect you and maintain your trust.”

The hack received significant public attention after the individuals responsible used their access to “social sharing” app Buffer to send thousands of spam posts advertising a miraculous fruit-based weight loss product – some from  official Facebook and Twitter accounts for companies such as Brussels Airlines and Startup Genome.

Thirty thousand users had spam posted on their behalf, linking to a weight loss site.
The attack offered links to a product containing Garcinia Camboga, a vegetable extract often used in weight loss sup fruit,” according to TechCrunch.