"I wanted to post a quick update and apologize for the awful experience we've caused many of you on your weekend. Buffer was hacked around 2 hours ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.
Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We're working hard to fix this problem right now and we're expecting to have everything back to normal shortly."
Gascoigne promised to update users on Facebook and Twitter. Updates were then made every two hours or so until the firm felt it had control of the situation.
He also added something personal that didn't backpedal in the slightest:
"I am incredibly sorry this has happened and affected you and your company. We're working around the clock right now to get this resolved and we'll continue to post updates on Facebook and Twitter."
There are remaining questions. What happened? Why? How? How do we know it's fixed? What steps will they take in future to assure it won't happen again, and who is ensuring they're doing it right? Who's auditing the findings? How does Buffer know that the breach did not include user data? Credit cards? Personal information?
If Buffer continues to be as transparent about what happened as it has been about how much money it makes and its breach, I predict it will be much stronger than ever by this time next year.
Sign up for CIO Asia eNewsletters.