Seems like the Buffer team did a great job indeed with their situation. I'm honestly surprised to see a company own up to a breach and try so extensively to keep its users updated as things progress!
My roommates and I play a certain online game that was hacked earlier this year; it was through a SQL injection vulnerability, painfully enough. Thousands of accounts were breached, and quite a large amount of credit card information was taken. The disappointing part, though, was how the situation was handled; several high-ranking player accounts were stolen first, and the hackers posted rather unflattering messages on the game's forums using them.
Rather than admit what was happening, and tell the users to remove their credit card data from the system, the company just said that a few "lucky guesses" of passwords had happened, and nothing more. Meanwhile, more accounts and credit cards were stolen. Finally, two weeks after the breaches started, they admitted that they'd been disrupted quite severely, and advised everyone to change their passwords while they fixed the vulnerability.
I'd have to say that was one of the shoddiest responses I've ever seen to account theft. When something like this goes wrong, you drop everything and fix it now. Pretending like there isn't a very real and very major problem happening is the worst thing you can do!