When websites experience technical issues, the administrators ideally send out some sort of "crisis communication" - how companies/sites communicate with their audiences during a crisis, such as a site outage or login issue.
Twitter experienced a technical issue this morning, related to a security exploit on their site. The blog post linked below is their response, describing the "short story" (simple explanation) and the "long story" (more involved technical description).
The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.
- it was timely - posted the same day as the issue occurred, and/or the day it was resolved
- it explained the problem, both simply and with a more involved history, describing how the problem was identified, through the technical troubleshooting process
- it explained the scope of what assets were affected - "This exploit affected Twitter.com and did not impact our mobile web site or our mobile applications."
- it explained the resolution and any potential lingering effects.
We’re not only focused on quickly resolving exploits when they surface but also on identifying possible vulnerabilities beforehand. This issue is now resolved. We apologize to those who may have encountered it.
This is reassuring to their audience - emphasizing that they are constantly monitoring security issues, and strive to predict future security scenarios. Then they apologized. Whether or not anyone at the company messed up, or was otherwise to blame, effective crisis communication "owns" the crisis and attempts to reestablish customer confidence. Apologies go a long way to this end.
Well done, Twitter.