The irony of TicketMaster's breach notification email
TicketMaster has joined the long list of companies to lose their customers' information. As is common, they sent out an email to warn poor sods like me who might have had our details snaffled.
Their email is particularly poor and contains a delightful example of how not to communicate issues like this. See if you can spot it:
In the same breath as warning their customers to look out for suspicious links in emails, they include two obfuscated Bit.ly links!
Anyone can create a Bit.ly link and give it any name.
For example - https://bit.ly/TicketMaster-DataSecurity-Incident.
I've written many times before about Bit.ly and why you should not use it. It stops users understanding where they're going, it trains users to ignore what a link says, it exposes your users to unwanted tracking, and it puts your links under the control of a 3rd party.
If you are ever confronted with a Bit.ly link, add a +
to the end of it to see its destination - for example https://bit.ly/TU-sign-up+.
Companies need to do much better. Professional crisis communications writers need to understand the Internet and how to foster a culture of security.
JP said on bsky.app:
Out of interest, how do you feel about something like this link shortener I prototyped? byjp.me/posts/link-s... — was designed to stop the link rot that makes these services bad but, with some tweaking, may also help with the security side of things you’re describing?
Simon R Jones said on mastodon.social:
@Edent and this is exactly why URLs matter.
Good blog post 🙂
pirnz says:
Here is a 12-month identity monitoring service, and just in case, monitor your bank account. But really, there's nothing you have to do 🙂
Owen says:
Thanks for the information about adding a +
More comments on Mastodon.