But rather than lose friends, Buffer's speedy response, and open and transparent process, is being held up as an example of how to respond to a breach. The first sign of the hack was the appearance of the spam on users' Twitter accounts and Facebook walls. Typical was: "Losing weight is easy with this new secret bit.ly/Hh1nnn."
Buffer's CEO Joel Gascoigne quickly posted an apology "for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 2 hours ago, and many of you may have experienced spam posts sent from you via Buffer." He stressed that no billing or payment information was affected or exposed to the hackers.
Then, in a series of updates to the post, he kept users informed on what had happened and what Buffer was doing to redress things. By 1pm PST he was able to say, "No more spam updates should occur at this point, as all posting has been disabled." By 5:30pm PST he could add, "Twitter should be working again 100%."
By 8:00pm he was able to announce, "All posting is working again!" He explained that Buffer intends to publish an in depth post about what had happened and what the company has done to fix it, but in the meantime, "we encrypted all access tokens for Twitter and Facebook and also added other security measurements to make everything much more bullet proof."
The following afternoon he provided further details. According to Facebook, around 30,000 Buffer users (just over 6% of its 476,000 Facebook-connected users) had been affected. "Service has resumed with increased security since the incidents," he added. Buffer has more than 1 million users in total.
Gascoigne has also reiterated his promise to publish an in-depth account on what happened. "We’re working with several security experts on tracking down exactly how it was possible for the spammers to get into our system. We’re making good progress on this, this morning."
But the most surprising part of the process has been the largely positive and supportive response from Buffer's users. Rather than the usual anger and accusations from affected users, the response has been favorable: "Proof positive that full transparency and openness is the only way to go when situations like this occur," commented one user. It appears that users understand that hacks occur; but what they most want is to be kept informed on what is happening.