[swanson]

My hobby: role-playing how I would respond as the CEO if my company was getting skewered on HN. Here is my version!

---

Disclaimer: I'm [not] CIO @ Namecheap

We messed up, big time. While we handle 1000s of live chat sessions everyday without issue, I realize that even one breakdown in security protocol can cause huge problems and a loss of trust for our customers.

In response to this isolated case (in which our established procedure was not followed), we will be creating additional training material for all our live support staff. Additionally, we will be exploring technical solutions to try to make this kind of breakdown much harder. Mistakes happen, but if we can prevent them, it is worth doing.

We also would like to take this opportunity to remind folks that any self-managed server (regardless of provider) should always be backed up in multiple places. For information on how to do this with Namecheap, we've published a guide here: <link>

I've reached out to author of the post already by email and we are working to help them resolve any outstanding issues.

[tamar]

^^ we'll take it. We've been responding for the last 1+ hour to things in real time across several social networks, so we're a little rushed. But thanks for the role play :)

[dennisgorelik]

I like original matthewdrussell's version more.

Overblown/fake apology is not very informative - it's hard to say what exactly can you trust in it.

[helloguille]

You are really good at it

[biot]

Previously, IFTTT: https://news.ycombinator.com/item?id=11379475

[SolarNet]

If I ever run a company that screws up I'm calling you.

[alasano]

I like your response! If only for the fact that I'm seeing people taking apart the real CIOs response like it's code because it's in a numbered list.

[kelukelugames]

That's impressive, can you teach me to write like you?

[swanson]

Formula:

* Actually apologize in a human way

* Show empathy by identifying the impact of what happened to customers (not your impact internally)

* State action items that you've created, even if they are just in 'evaluation' state

* Indicate that the specific incident in question is being handled outside of this forum

* Take responsibility for things even if you shouldn't "have to"

[voltagex_]

For a "what not to do", have a look how (the CEO of?) FTDI responded after they were caught intentionally "bricking" chips that were detected as counterfeit by the Windows drivers.

[Namidairo]

Last I heard, these tainted drivers from FTDI weasled their way through WHQL and into Windows Update...

[kobayashi]

If you're actually interested in the topic, here's an absolutely fantastic blog post on the subject:

http://blog.statuspage.io/why-public-apologies-suck

Some important bits:

>4 PARTS OF A BAD APOLOGY

- Justifying the offending actions or words.

- Blaming the victim.

- Making excuses.

- Minimizing the consequences.

>8 PARTS OF AN EFFECTIVE APOLOGY

- You actually have to use the words I’m sorry.

- Acknowledge that you messed up. (As in, “I take full responsibility for my words.”)

- Tell the person how you’ll fix the situation.

- Describe what happened, but without foisting the blame off on someone else.

- Promise to behave better next time.

- Make sure the person knows you know exactly how you hurt or inconvenienced them.

- Much like the first rule, it’s important to use some version of the phrase “I was wrong.”

- Ask for forgiveness.

[infinite8s]

It just requires thinking from the perspective of the person reading it, instead of trying to CYA.

[mightybyte]

Go out right now and get the book "Crucial Conversations". It is BY FAR the best book I've ever read on this kind of thing. It is simultaneously the best relationship book I've ever read and the best business book I've ever read. It goes through the basic principles for handling these situations in an easy to understand way.

[kelukelugames]

This should become a thing. I want to make a Tumblr now.