Buffer’s Crisis Management Clinic Post-Hack

    Buffer’s Proactive Crisis Management Post-Hack

    Buffer, the popular social media sharing service beloved by power users and community managers, put on a clinic in crisis management after its service was hacked on October 26th. Shortly after some Buffer users began to see spam posts go out from Twitter and Facebook profiles connected to the service, the techs at Buffer decided to pull the plug on posting, hiding Facebook posts made by the app and disconnecting Twitter accounts altogether.

    Knowing stakeholders would be concerned and clamoring for information, the Buffer team started blasting out updates via its blog, email, Twitter account, and Facebook page.

    Here’s the mail we received within minutes of hearing about the problem:

    Hi there,

    I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.

    Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.

    We’re posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.

    The best steps for you to take right now and important information for you:

    • Remove any postings from your Facebook page or Twitter page that look like spam
    • Keep an eye on Buffer’s Twitter page and Facebook page
    • Your Buffer passwords are not affected
    • No billing or payment information was affected or exposed
    • All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation

    I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.

    If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.

    – Joel and the Buffer team

    A sincere apology that kept the tone in line with Buffer’s typical casual attitude, check. Quick, simple presentation of the most important information, including what we needed to do ASAP, check. Showing compassion? Check. Option to interact? Check again.

    As you can see from Buffer’s Facebook page, the company was even more active in communication there, releasing a constant stream of info for stakeholders, media, and whoever else wanted to know.

    We’ll leave the technical explanation for others, but in short, Buffer patched up the security problem and was up and fully functional by mid-day Sunday. The Buffer team wasn’t content to simply start back up again, though; they made certain users were aware of what happened and that they wouldn’t encounter frustration getting their accounts back in order. Here’s their follow-up email:

    Hi there,

    I wanted to follow up with you after yesterday’s hacking incident. For many of you this has seriously disrupted your weekend – I’m sorry we caused that awful experience. The Buffer team has been working around the clock and I’m glad to say we’re back up and running. We have also spent all of today adding several security measures.

    There’s one key step to using Buffer again: You will have to reconnect all your Twitter accounts, even if you’ve already done so. Go to the Buffer web dashboard to reconnect.

    Other important things for you to know:
    • Reconnecting won’t work in mobile apps, all Twitter accounts will have to be reconnected on the web dashboard.
    • Your Facebook posting will have resumed normally, there is nothing you need to do.
    • Signing in with or connecting a new Twitter account in the iPhone app won’t work until our new update is approved by Apple.

    I want to apologize again and say that I’m incredibly sorry this has affected you and in many cases also your company. We’ve written a blog post with ongoing updates as we uncover the full details.

    What is left for us right now is to complete our technical analysis and take further security measures. We will follow up with another update on this soon.

    I want to invite you again to hit reply to this email or post a comment on our blog post. We will be sure to respond to you as fast as we can.

    – Joel and the Buffer team

    Nailed once again, and, as with other communications, this information was echoed across Buffer’s social media channels.

    With high-profile hacking becoming a regular occurrence, other organizations could do much worse than directly copying Buffer’s approach. Keep the information flowing, fix the hole quickly, and let your stakeholders know you’re aware of their frustration. That’s how you do crisis management when you’ve been hacked.

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, and author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also the editor of its newsletter, Crisis Manager]