How Buffer Handled Getting Hacked

How You Handle Controversy Speaks Volumes About Your Brand

By John Jantsch

Over this past weekend, social media startup Buffer got hacked. Apparently hackers were able to gain access to users’ permission tokens, so without needing a password they were able to post spammy weight-loss messages all over users’ Facebook pages.

I’m not sure how widespread the problem was, but I was able to track Buffer’s reaction in near real time, and I’m pretty sure social media students are going to study this as a textbook response to handling an online crisis.

Buffer has over a million users who count on the service to post to Google+, Twitter, LinkedIn and Facebook throughout each day, so even though many do not pay to use Buffer, the exposure to their accounts, and therefore their online reputations, was high.

Around 1:30 pm CT, reports like the one below started to hit the Buffer account on Twitter.

Own It At Speed

By 1:36 the following post went out on Twitter

Once a problem was identified, the first step of course was to minimize it. While I have no access to their thought process, I believe they took the right steps by immediately shutting down access and posting by their tool and communicating with users constantly for the next hour or so. The fact that they monitored customer communication so thoroughly, even on a Saturday, allowed them to react in near real time.

Tell the Entire Story

At 2:07 I received the following email from Buffer CEO Joel Gascoigne. They also inserted a message into the Buffer login page.

Hi there,

I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.

Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.

We’re posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.

The best steps for you to take right now and important information for you:

  • Remove any postings from your Facebook page or Twitter page that look like spam
  • Keep an eye on Buffer’s Twitter page and Facebook page
  • Your Buffer passwords are not affected
  • No billing or payment information was affected or exposed
  • All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation

I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.

If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.

– Joel and the Buffer team

Owning the mishap and apologizing immediately and repeatedly while continuing to keep people informed can be tough, but it absolutely calmed any kind of panic and assured people that this was going to end well.

Keep Communicating Throughout 

A steady stream of tweets that followed added updates as they unfolded.

 

Dig Your Well Before

One thing that I believe won’t be reported enough, but is critical: Buffer provides this kind of experience all of the time, so ramping up and doing it in a crisis was second nature, and that spirit showed through the constant stream of supportive tweets.

It’s difficult to be transparent and authentic in a crisis unless that’s simply who you are in the first place.

I’m guessing Buffer received some support from Twitter and Facebook and the relationships they built there allowed them to lean on these two in a time of need.

Fix the Problem Not the Blame

All too often organizations spend the first pass at an issue trying to figure out who to push the blame to. Mostly people don’t really care why something happened until perhaps long after they know it’s fixed and won’t happen again.

Buffer owned the problem and the tone of their communication, including another email from Joel explaining what they are doing to beef up security, lacked any hint of blame.

Buffer may indeed lose users over this, as one of the steps they took was to voluntarily unauthorize the app from every Twitter account in an effort to squelch damage. In fact, every user must sign back on to Buffer and reauthorize Twitter if they wish to continue to use the service.

In the end, Buffer demonstrated what they stand for and certainly strengthened their brand in the eyes of most who publicly witnessed how they maneuvered through a crisis.

Reader Note: One final note of warning. Hacking into authorization tokens is the new password stealing. It’s time to review the authorizations you’ve given to services to access your social media and other online accounts. Just browsing through apps I’ve authorized on Twitter, I found dozens that I no longer use and some that are no longer even around. Those are potential targets for hackers.

