Tell me more ×
Answers OnStartups is a question and answer site for entrepreneurs looking to start or run a new business. It's 100% free, no registration required.
up vote 1 down vote favorite
1

I almost (ALMOST) permanently overwrote the only config file (e.g. no backup) that contained an encryption key for user logins. This would have disabled my clients' ability to login to my site and also made it impractical (if not unethical) to hack their encrypted passwords.

In the grand scope, nobody's died here; but, as a fledgling website, any annoying thing could prevent users from coming back.

Let's say I did make the mistake that affected ALL my users.

How would I then go to them and acknowledge fault?

Is it simply a matter a of emailing something to the effect of

Dear Client, We messed up. We are sorry. Here is what you need to do to fix.

Or maybe a little bit more detail? More chagrin?

I'm guessing there's no single "right way" so a general rule of thumb would be helpful.

share|improve this question
Also consider putting your application under version control. Use Github, get the pro version if you don't want the application source to be public. – BhargavPatel Dec 25 '12 at 18:08
1  
@BhargavPatel It was the production config file that was not backed up; everything else was already under source control. I now have production config file backed up. – ray023 Dec 25 '12 at 18:28

3 Answers

up vote 3 down vote accepted

Obviously, admit your mistake, apologize, and include the steps they need to take. I'd recommend including enough information that they understand why it happened, in addition to what steps you are taking to ensure it doesn't happen again. For your situation, that would say that critical data was accidentally deleted and that you are putting in place a DR plan and backups to prevent any future data loss.

share|improve this answer
up vote 3 down vote

When problems arise, many companies practice "full disclosure" rather than attempt to cover it up.

A good example would be how PHPfogs epic hack was handled.

Others try to hide problems - and fail big time. Airbnb's fiasco is a good example.

Both are still in business.

share|improve this answer
up vote 2 down vote

We actually did that once with a very high profile user. Be honest about what happened but there's no need to dwell too much on the details unless they specifically ask for more. That person continued to use our software despite the mistake. If they like your software, they'll continue to use it. If they don't, well you haven't lost much.

State laws legally require you to notify users of any security breaches involving users' personal information. So if the passwords were actually reset by some other cause that was not your doing, be aware of these: http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.