Over this past weekend the social media start-up Buffer got hacked. Apparently the attackers gained access to users' permission tokens, so without needing a password they were able to post spammy weight-loss messages all over users' Facebook pages.
I’m not sure how widespread the problem was, but I was able to track Buffer’s reaction in near real time and I’m pretty sure social media students are going to study this as a text book response to handling an online crisis.
Buffer has over a million users who count on the service to post to Google+, Twitter, LinkedIn and Facebook throughout each day, so even though many do not pay to use Buffer, the exposure of their accounts, and therefore their online reputations, was high.
Around 1:30 pm CT, reports like the one below started to hit the Buffer account on Twitter.
@StephenMeansMe Uh-oh, that’s not good at all! Investigating, sit tight for me. -Carolyn
— Buffer (@buffer) October 26, 2013
Own It At Speed
By 1:36 the following post went out on Twitter:
Hi all. So sorry, it looks like we’ve been compromised. Temporarily pausing all posts as we investigate. We’ll update ASAP. — Buffer (@buffer) October 26, 2013
Once the problem was identified, the first step of course was to contain it. While I have no access to their thought process, I believe they took the right steps: immediately shutting down access and posting through their tool, and communicating with users constantly for the next hour or so. The fact that they monitored customer communication so thoroughly, even on a Saturday, allowed them to react in near real time.
@mhisham We’ve been hacked. Investigating now. So sorry. Stay tuned. -Carolyn — Buffer (@buffer) October 26, 2013
Tell the Entire Story
At 2:07 I received the following email from Buffer CEO Joel Gascoigne. They also inserted the same message into the Buffer login page.
Hi there,
I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
We’re posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.
The best steps for you to take right now and important information for you:
- Remove any postings from your Facebook page or Twitter page that look like spam
- Keep an eye on Buffer’s Twitter page and Facebook page
- Your Buffer passwords are not affected
- No billing or payment information was affected or exposed
- All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation
I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
– Joel and the Buffer team
Owning the mishap, apologizing immediately and repeatedly, and continuing to keep people informed can be tough, but it absolutely calmed any kind of panic and assured people that this was going to end well.
Keep Communicating Throughout
A steady stream of tweets that followed added updates as they unfolded.
@bojandordevic We’ve disabled posting for now so hopefully things won’t be going out from now. We’ll keep you updated on steps etc. -Andy
— Buffer (@buffer) October 26, 2013
@MarshallRK Passwords should be fine, feel free to revoke Buffer as a precaution. -Andy
— Buffer (@buffer) October 26, 2013
Dig Your Well Before
One thing that I believe won't be reported enough, but is critical: Buffer provides this kind of experience all of the time, so ramping up and doing it in a crisis was second nature, and that spirit showed through the constant stream of supportive tweets.
@evildotstudios Thanks so much Ricardo. Messages like this are keeping the team going! 🙂 -Andy
— Buffer (@buffer) October 26, 2013
It’s difficult to be transparent and authentic in a crisis unless that’s simply who you are in the first place.
I'm guessing Buffer received some support from Twitter and Facebook, and the relationships they had built there allowed them to lean on these two in a time of need.
Fix the Problem Not the Blame
All too often organizations spend the first pass at an issue trying to figure out whom to blame. Most people don't really care why something happened until perhaps long after they know it's fixed and won't happen again.
Buffer owned the problem, and the tone of their communication, including another email from Joel explaining what they were doing to beef up security, lacked any hint of blame.
Buffer may indeed lose users over this, as one of the steps they took was to voluntarily deauthorize the app from every Twitter account in an effort to squelch the damage. In fact, every user must sign back in to Buffer and reauthorize Twitter if they wish to continue using the service.
In the end, Buffer demonstrated what they stand for and certainly strengthened their brand in the eyes of most who publicly witnessed how they maneuvered through a crisis.
Reader Note: One final warning. Stealing authorization tokens is the new password stealing. It's time to revisit the authorizations you've given to services to access your social media and other online accounts. Just browsing through the apps I've authorized on Twitter, I found dozens that I no longer use and some that are no longer even around; those are potential targets for hackers.