Buffer Hack – Great Crisis Management Bolstered by Brand Advocates


Update 11/4/2013: Superior follow-up article on the Buffer hack by David Berlind, editor-in-chief of ProgrammableWeb.com: Why The Attack on Buffer Was A Serious Wake-Up Call For The Web


Buffer is the scheduling tool of choice for more than one million users, pre-scheduling and sending more than one million social messages every week. Custom scheduling, multiple accounts, team member access and detailed analytics make Buffer a go-to social media management tool.


At Firestorm this past Saturday, we saw a disturbing email appear in our in-boxes regarding Buffer: “Buffer has been hacked – here is what’s going on.”

“Hi there,
I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.
We’re posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.
The best steps for you to take right now and important information for you:
•    Remove any postings from your Facebook page or Twitter page that look like spam
•    Keep an eye on Buffer’s Twitter page and Facebook page
•    Your Buffer passwords are not affected
•    No billing or payment information was affected or exposed
•    All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation
I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.
If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.
– Joel and the Buffer team”

We were very grateful to the folks at Buffer for notifying their users so quickly. Beyond that, the tone of the message was thoughtful and sincere, and it gave users actionable steps to take.

As we watched Buffer’s Twitter feed, Facebook page and blog, their team continued to keep everyone informed at each step of the troubleshooting process. 30,000 Facebook accounts out of 476,000 were affected by the spam attack, around 6.3% of users.

How the Hack Happened

From Buffer: The backdoor was created through one of our partners, MongoHQ, who are managing our database. MongoHQ, who have been incredibly responsible and responsive regarding this, also just released an update about the security breach on their blog.

In short, the MongoHQ password of one of MongoHQ’s employees was stolen. That way the hackers logged into the main admin dashboard of MongoHQ and were able to use the “impersonate” feature to see all of Buffer’s database information. Through that, they wrote a script to steal our social access tokens and post spam messages on behalf of our users.

By providing this type of clear, concise messaging, Buffer accomplished highly effective Crisis Messaging:

  • Guiding appropriate decisions, actions and behaviors
  • Improving knowledge and understanding
  • Encouraging collaboration and cooperation
  • Building, maintaining or restoring trust

By doing so, Buffer’s Brand Advocates came out in force. There were hundreds and hundreds of messages of support from users. 


We know there are challenges when leveraging 3rd-party applications – we also know that by handling crises with clarity and honesty, you can recover quickly and reinforce trust in your brand.

Nice job Buffer.

