Buffer gets hacked, founder reacts
Social media management tool, Buffer was hacked mid-day on Saturday, and accounts sent out unauthorized weight loss spam messages through accounts like Facebook and Twitter that are connected to many users’ Buffer accounts.
Immediately upon learning of the hack, Buffer tweeted, “Hi all. So sorry, it looks like we’ve been compromised. Temporarily pausing all posts as we investigate. We’ll update ASAP.” Additionally, users that log in to the Buffer app see a warning and apology at the top of the page, reading, “Sorry – Buffer was hacked and some scam posts were sent. We’re working hard to investigate. Stay updated via Twitter (@buffer).”
Buffer says it is currently investigating and has turned off all posting through Buffer until the situation is resolved. Users are urged to change their password immediately.
Shortly after the hack, despite updates on Twitter, and a notification on the site – both major feats for a weekend, even for a tech startup, Buffer Founder, Joel Gascoigne emailed all users the following:
I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
The best steps for you to take right now and important information for you:
- Remove any postings from your Facebook page or Twitter page that look like spam
- Keep an eye on Buffer’s Twitter page and Facebook page
- Your Buffer passwords are not affected
- No billing or payment information was affected or exposed
- All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation
I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
– Joel and the Buffer team
Crisis management like a boss
In recent history, hacks have been handled very poorly. Some companies act as if they never happened, others immediately rush to place blame, but Buffer has provided an immediate case study of how your company should handle a security breach by notifying users instantly, apologizing profusely, getting the word out on all social networks, and explaining fully what has happened and what will happen next.
Although the situation is still evolving, Buffer was less worried with blame, and more worried with their customers’ experience and security. Perhaps they had a crisis management plan in place, or perhaps their leadership is well equipped to handle crises of this nature, but either way, Buffer has nailed it.