Case Study on Crisis Communications: What Buffer Did Right


When crisis hits, there are ways to lessen the impact and ways that will dig yourself an even deeper hole.

The latter is especially true in the case where users and customers are concerned. Public opinion is an uphill battle (just look at the president’s rating when things are going well), and if you dig in deep, you have a ways to climb. But there are ways to ascend to the light, and the best brands know that how you act during a crisis has just as much effect on public perception as the crisis itself.

Buffer’s recent hacking crisis is one such example of a brand rising above the situation to come out ahead.

For those of you who are not familiar with the story, last Saturday, Buffer, a social media scheduling app, was hacked, causing the service to send out weight loss spam on its users’ social networks.

As a community manager, the horror of having spam messages go out on social media accounts that I am responsible for is immense. People have been fired for erroneous tweets before. Although this current case resulted from hacking rather than human error, it does not discount the trust that many social media managers place in services that have direct access to their accounts.

For Buffer, an attack like this could have completely destroyed its users’ trust, but because of the team’s crisis management, they’ve not only regained the trust of their community but shown they are capable team in the process. As a Buffer paid subscriber, I was most impressed by their response to the hacking.

What, you ask, did Buffer do right?

1. Be in communication before the crisis.

I can’t say that I always read the updates that Buffer send me. Usually they detail new features, ask for my feedback, and consistently come every two weeks. But when the crisis came, I already had the sense that this is a brand that communicates openly with me, and I was more receptive to hearing their communication because of it.

If you are already in communication with your users before crisis strikes, communicating during it will be that much easier since you already have your attention.

2. Apologize and take responsibility.

Buffer didn’t asked to be hacked, but as a service provider, they are responsible for what happens through their app.

The very first sentence of their email was an apology:

“I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend.”

They didn’t skirt their responsibility or deflect blame onto the hacker. In subsequent emails, Buffer continued to apologize, and even when they discovered the breach had originated through another service, MongoHQ, they continued to take responsibility.

Taking responsibility let’s users know that you understand the impact and helps quell frustration and anger, allowing the team to focus on the problem and not the resulting PR.

3. Respond quickly with accurate information.

Buffer’s email went out an hour after they discovered they were hacked.

Sending out the email allowed them to get ahead of the story before it could get out of control in the media and report the most current and accurate information. Many users who might have been frustrated by not knowing what was going on with their accounts were informed, and the company limited the spread of misinformation.

The internet moves fast, and if you don’t move with it, you may let misinformed users define the story instead of your brand.

4. Be transparent.

Transparency is one of Buffer’s company values, and it certainly came through during the crisis.

If you were looking for information about the hacking and didn’t get the email, you could have followed along on their Facebook, Twitter, or blog. Buffer meticulously updated its blog every few hours on the day of the attack and several more times in the days after to wrap up how the breach took place. For those who were affected, they could see all that the Buffer team was doing to respond to and solve the problem.

Oftentimes if a brand tries to hide a problem from its users that is later revealed or opts to not share information on what they are doing to troubleshoot, users may perceive the company as dishonest, unresponsive, or uncaring. These are not good traits to be associated with your company or brand.

In fact, one non-user had a very positive response to the transparency:

“Proof positive that full transparency and openness is the only way to go when situations like this occur. Kudos to Buffer. I am not currently a user but will seriously look at your solution, now.”

5. Address the problem to re-earn users’ trust.

All of the above actions are great, but if you can’t actually fix the problem, users have no reason to give their trust back. Buffer addressed the issue on several levels:

  • deactivating all posts to Facebook and Twitter to ensure the spam did not spread
  • increasing security on all posts to prevent future hacking
  • understanding how the hacker acquired access tokens that allowed for the spam to pass through. 

The first fix corrected the symptoms of the problem while the latter two got to the core: the need to improve Buffer’s security both at the technology level but also looking at company practices. Although a minority of users had spam posted to their account, the crisis was a win for the majority of Buffer’s users since security was improved for the community as a whole.

When a crisis occurs, it is just as important to communicate how you are addressing the problem as it is to fix it.

Your communication should take responsibility for your role in the crisis, convey accurate information in a timely matter, and be transparent in what you are doing to solve the problem. All this will be easier if you are already communicating with your users. However, communication will do very little in the long run if you fail to fix the problem.

Communicate and work to resolve your crisis and you may come out on top.

What do you think of Buffer’s response? Will you continue to trust or use the service in light of the recent hacking?

Karynn Ikeda is a social media strategist turned event produ
cer. Connect with her on Twitter at @ktikeda.