How Buffer Came Out on Top After Getting Hacked

“Aw crap,” I muttered as I looked at my inbox a few weekends ago and saw an email from Buffer CEO Joel Gascoigne with the subject line “Buffer has been hacked — here is what’s going on”.

We rely on Buffer to handle all the iDoneThis social media accounts, so I braced myself for all sorts of toil and trouble as I clicked on the email. It began:

I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now….

Fortunately we hadn’t been affected, but I continued to follow updates as they unfolded. Throughout, Buffer was transparent, responsive, and reassuring. They disclosed, accepted responsibility and apologized for the security breach. They communicated not just what they knew but gave us a heads up about their next steps and guidance on what we could do to protect our accounts in the meantime. They also continued posting updates and answering everyone’s questions while resolving the problem.

What happened next is a testament to the strength of Buffer’s response. Joel reports that the pattern of upgrades to paid plans was unaffected and that while there was a spike in downgrades from Buffer’s paid plan, the numbers evened out to normal levels within a few days. Most interestingly, Buffer saw “almost record numbers of signups” during the days of the breach, which Joel surmises was due to the positive press on how they handled the breach.

buffer company culture during crisis

The supportive response of Buffer customers was amazingly positive and understanding. With every update, people posted encouraging comments, tweets, and messages. As Buffer’s Chief Happiness Officer Carolyn writes in the latest Happiness Report, “I was floored by the patience and extreme kindness of our listeners and followers,” and this goodwill existed largely “due to our dissemination of information as soon as we had it.

image

Better Be Human than Have No Comment

It turns out that Buffer’s transparent, prompt, and empathetic response to this hacking incident is the optimal type of reaction for a business responding to a crisisResearch by Adam Galinsky and Daniel Diermeier from Northwestern’s Kellogg School of Management shows that  the best type of crisis response is one of engagement, meaning that it expresses concern, shares information, and doesn’t close off blame or fault.

One experiment showed the impact of such a response. Study participants read a (made-up) news story about a beverage company alleging a hostile work environment of sexual harassment before they evaluated bottled water from the company in the story. When the company gave an engaged response that such hostile behavior wouldn’t be tolerated and that they were taking the allegations seriously by conducting an investigation — people thought more highly of the company, drank more of its water, and even thought it tasted better.

In contrast, a “no comment” from the company was almost as detrimental as a defensive response denying the allegations and refusing changes to current practices or any investigation. In these two cases, people drank less of the company’s bottled water, said it tasted worse, and were less likely to drink the accused company’s water than an unrelated company’s.

image

The quality of the company’s crisis response in the eyes of the consumer was powerful enough to affect or “contaminate” what the researchers called “logically unrelated behaviors” such as taste.

In an interesting twist, when researchers presented actual executives with this scenario, they correctly predicted that an engaged response would lead to the most positive reaction but thought that a “no comment” reaction would be better than a defensive response. This “suggest[ed] that executives may be overly optimistic regarding the public’s ability to withhold judgment if they delay providing an official response to the crisis.”

As a customer, it’s delightful to get a response that sounds like it’s from a real human being with real human feelings who will actually do something for you rather than a robot that immediately minimizes the existence of a problem. So Galinsky and Diermeier’s findings that trust requires transparent and caring communication can seem over-obvious. What’s telling is the divide between customers’ experience compared with the point of view of many businesses who still operate as if silence and the appearance of control — even when untrue — is golden. Nobody likes getting left in the dark or getting the run-around.

Creating Transparency Grooves

At the same time, it’s not uncommon for people to operate in “no comment” mode or radio silence themselves — and this may be especially true when their work isn’t going well. It’s uncomfortable and scary to have to admit to having difficulty so people don’t say anything. Yet such times are exactly when others want to know what’s going on so that they can help.

In contrast, Buffer has a culture of internal engagement, habits of expressing concern and being forthright not only about positives but failures too. Known for its daily practice of extreme transparency, the team regularly shares information including how much salary and equity everyone gets, sleeping stats, specific self-improvement steps, in addition to what everyone is working on. Their default to transparency in how they operate, make decisions, and treat each another provides an integral foundation.

One of the most admirable aspects about the hacking incident is how the entire Buffer team went into all-hands-on-deck mode over a weekend and as a distributed team. They were able to come together and coordinate the technical investigation and customer support — because that’s simply how they operate everyday. Likewise, customer trust on the whole stayed true, not just because of Buffer’s engaged response but because that’s what they’ve been doing all along — being responsive, thoughtful, prompt, and honest through all times, crisis or not.

When the groove of company culture grows deeper with every passing day, such values and practices become second nature and emerge that much more easily when the going gets tough.

Liked this post? Subscribe to our free newsletter for more great content on productivity, startups, and how to work better!