Good question. I believe in explaining as clearly as possible, but ultimately in taking responsibility. You chose the provider, decided on the level of risk you're comfortable with, and that ultimately failed. It was that choice that got in the way of your users.
If you can point to ways you'll improve the service in the future as a result of the outage, all the better.
When we had a large DoS attack at Posterous, I wrote two posts, one as soon as possible (http://blog.posterous.com/todays-outage-and-changes-for-cust...), and the next as a bit of a post-mortem (http://blog.posterous.com/moving-forward). Both explained that there were many factors beyond our control, but that the responsibility was ultimately ours, and we were working to learn from the event and improve our services as a result.
They weren't perfect posts, but I think they went a long way toward being open and honest with our users in the midst of a major negative event.
If you can point to ways you'll improve the service in the future as a result of the outage, all the better.
When we had a large DoS attack at Posterous, I wrote two posts, one as soon as possible (http://blog.posterous.com/todays-outage-and-changes-for-cust...), and the next as a bit of a post-mortem (http://blog.posterous.com/moving-forward). Both explained that there were many factors beyond our control, but that the responsibility was ultimately ours, and we were working to learn from the event and improve our services as a result.
They weren't perfect posts, but I think they went a long way toward being open and honest with our users in the midst of a major negative event.