Buffer’s Response to Hacking: A Study in Social Media Crisis Management

Social sharing start-up Buffer was hacked Saturday. In the hours their service was down, the Buffer team managed the crisis across social media and email channels like champs. See lessons in social media crisis management for brands.


More often than brands would probably like, we’re given opportunities to learn about social media crisis management through the highly visible fallout from the experiences of others. This weekend, social sharing platform Buffer was hacked, resulting in a Saturday afternoon and evening crisis for the start-up.

I wouldn’t say it was a positive experience for Buffer, but I will say this: it turned out okay. Not awesome, but okay. That’s about the best you can hope for when hackers cause an interruption in service for your customers that lasts several hours.

Buffer Responded to Spam Hack Saturday Afternoon

Over several hours, I watched as Buffer communicated with media, customers and their greater social audience. Few were bashing the brand; in fact, the social buzz was largely positive across their channels. Customers praised the company for their transparency and timely communications. I was amazed to see a Buffer rep, Andy, tweeting in response to each and every mention they received at the peak of their crisis. Staff were communicating across their blog, Twitter, Facebook and through the media, to ensure customers were fully informed.

Buffer co-founder and CMO Leo Widrich took the time to discuss his company’s social media crisis management strategy with us just a day after it happened. “It was really incredible to see how everyone on the team just tried to find a way to help our users, whether in comments, with Tweets, on Facebook and via email,” he said. “I’m incredibly grateful for the people on our team and how they’ve responded here.”

Beyond having a great team, how can a brand navigate a crisis and come out (relatively) clean on the other side? We’ve seen time and again a problematic issue for a brand become a full-blown social media crisis, usually due to one or more of the following missteps:

  • Failing to understand your customer base and the risks inherent to social promotion even at the most basic level, as in McDonald’s disastrous #McDStories campaign.
  • Attempting to gloss over problematic issues by refusing to discuss them in social channels, as Lululemon demonstrated during their see-through pants crisis.
  • Failing to communicate openly and honestly with users in a timely manner—see Sony’s four-day silence on their April 2011 hacking.
  • Planning to fail by failing to plan, as was demonstrated by HMV execs, who had no process in place to remove access when employees took over their Twitter as they were being fired.
  • Panicking and removing the brand from the conversation (which will inevitably go on without you); see the City of Regina Police Department’s social meltdown after an officer killed a dog in a backyard. The flurry of social hate was “unmanageable,” so they shut their Facebook Page down completely… for 5 months.

There are a lot of ways to ignite the fuse that will turn a situation from manageable to spontaneous combustion across social media channels. See how Buffer managed their team, processes and partners to reduce the impact of the interruption and even reinforce their core values to customers, all without going up in social flames.

What Buffer Did Right, Right Out of the Gate

Around 2:20pm EST, people began tweeting about spam tweets and Facebook posts appearing on behalf of some Buffer users. By 2:36pm, Buffer sent their first tweet acknowledging the problem:


They immediately ceased sharing from their social platform to mitigate the damage while they investigated.

From that point forward, Buffer was in “all hands on deck” mode across their social channels and email, responding in real-time to customer concerns. Yet Buffer is a fully distributed team and actually had no one in the office—it was Saturday afternoon.

“Everyone was cranking away from their homes. Internally, the team stayed connected with Google Hangouts continuously throughout the breach so we could coordinate fast and effectively,” Widrich tells us. “The teamwork was truly incredible on that day, everyone was so solution-oriented. All engineers were focused on the tech problem and everyone else was working Twitter, emails, blog post comments, etc., to answer the questions of users.”

In Times of Crisis, Be Useful to Your Social Audience

It wasn’t long before Buffer had a blog post published. Buffer Has Been Hacked—here is what’s going on served a number of purposes, not the least of which was to alert users to the problem.

It began:

I wanted to post a quick update and apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 2 hours ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.

In addition to the mea culpa, Buffer offered their Facebook and Twitter pages as the best place for real-time updates and promised to keep them updated.

They also gave a clear, succinct list of action items customers could use to protect their accounts while the issue was being resolved. Rather than lashing out, customers began to voice their support just minutes after learning their accounts may have been compromised:


Be Where Your Customers Are… and Fast

Buffer is a smaller organization and certainly could have chosen to man only one communication channel throughout their hacking ordeal.

Yet Widrich tells us that within one hour of the hack, they had already emailed all of their users (over a million of them), “because we wanted to keep them in the loop and on top of things.”

At the same time, they were already engaging on Facebook and Twitter. Where are your customers on a Saturday afternoon? It’s impossible to know, so Buffer covered as many bases as they could to ensure their customers knew what was going on and what they could do about it.

I asked Widrich if the size of his company was an advantage; after all, larger brands may have stumbling blocks to near-instant cross-platform messaging by way of PR approval and legal teams. “I believe that we simply defaulted to the Buffer values here, with one of our core values being ‘default to transparency,’” he said, adding, “We have very little structure yet at Buffer, so we could be very agile and act quickly without running into an ‘analysis paralysis’ problem.”

Reassure with Regular, Meaningful Updates Across Channels

In this case, Facebook and Amazon Web Services reached out to Buffer proactively, once they noticed the suspicious activity. Widrich tells us that within a few short hours, the two Internet Goliaths offered his tech team guidance and steered them through the difficulties as they added new security measures and made necessary improvements.

As Facebook and Amazon pitched in for the quickest resolution possible, Buffer’s team updated their blog, Facebook and Twitter accounts to keep customers informed. Three blog updates between 1pm and 5:30pm PST offered updates and next steps for users, as in this one:


On Facebook, they reassured their social audience once Facebook itself was on board with the fix:


Even co-founders Widrich and Joel Gascoigne were tweeting updates and responding to inquiries throughout the day.

The Fallout: Brand Culture and Team Empowerment Win the Day

A strong culture allowed Buffer executives to trust those team members not involved in partner discussions or engineering with much of the social communication. Widrich tells us, “We tried to simply default to our values here. Be open, be transparent, be understanding. We like to derive our actions as much as we can from principles and let the methods fall into place by themselves. And that’s what we tried to apply here as well.”


In just the few hours of their crisis, Buffer saw the tweet volume about their brand increase by more than four times the typical volume in an entire day. Yet they were able to move almost seamlessly into crisis mode, with all hands on deck working to resolve the hacking issue, update customers and manage the fallout across their social media channels.


Social media sentiment analysis from Topsy shows a lower score today and during the crisis for Buffer than they typically experience. However, looking deeper into the social content reveals that much of the “negative” content surrounding the brand is the by-product of negative word association in media coverage. “Your Brand Name” and “Hacked” in the news is never going to generate a lot of warm and fuzzy social sentiment.

As surely as you can’t completely prevent hacking, you can’t 100 percent weather-proof your brand. What you can do is prepare your team, tools and processes for the storm.

Buffer is a fantastic example of a company empowering their employees to communicate in real-time, on the fly, while adhering to the brand’s core values, in order to better serve their customer and audience needs. There are valuable lessons here for all brands, especially those that might one day face a storm of their own.

Update: Buffer has released new information about the hacking incident on their blog. “In terms of exact numbers, Facebook confirmed with us that 30,000 Buffer users who had a Facebook page connected (out of 476,343 total connected pages to Buffer) were affected and had spam posted on their behalf. This means that 6.3% of Buffer users on Facebook were impacted by this. Since then, we’ve taken key security measures: we have added encryption of OAuth access tokens and we have changed all API calls to use an added security parameter.”

