The irony of TicketMaster's breach notification email


What is Ticketmaster doing to protect customers? We have been working with industry-leading cybersecurity experts, the relevant authorities, including law enforcement, as well as credit card companies and banks. No further unauthorised activity has been seen in the cloud database since we began our investigation. We are offering you a free 12-month identity monitoring service with TransUnion. These services will be provided by Cyberscout, a TransUnion company specialising in fraud assistance and remediation services. You can sign up for this service through the following link: https://bit.ly/TU-sign-up What can I do? There is nothing you need to do. However, exposure of personal information can, in some cases, increase the risk of identity theft or fraud, so it’s always a good idea to monitor your bank accounts. If you notice any suspicious activity, contact your bank and/or credit card companies. Be cautious of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information over the phone. If you have any questions, you can visit https://bit.ly/Ticketmaster-Data-Security-Incident or contact us at ticketmastersupport@ticketmaster.com. Ticketmaster understands the importance of your personal information and we take its protection very seriously. We apologise for having to write to you in these circumstances.

TicketMaster has joined the long list of companies to lose their customers' information. As is common, they sent out an email to warn poor sods like me who might have had our details snaffled. Their email is particularly poor and contains a delightful example of how not to communicate issues like this. See if you can spot it: In the same breath as warning their customers to look out for suspicious links in emails, they include two obfuscated Bit.ly links! Anyone can create a Bit.ly link…


Bitly finally starts taking privacy seriously


I've been ranting about Bitly for years! The ubiquitous link shortener had an interesting "feature" - add a + to the end of the URL and you could see all the statistics for the link. How many clicks, referers, location of users. Here's a blog post I wrote about it way back in 2011. I often used this feature to explore how popular companies and scammers were: Terence Eden is on Mastodon (@edent): This is why we don't use bitly in our work. *Anyone* can add a + to the end of the URL and see where…


Bitly Emoji Links


Weird symbols in the bitly dashboard.

Popular URL shortener Bitly allows users to customise its links. This means you can have all sorts of weird and wonderful characters in there. For example: bit.ly/󾰀󾰀 You can also use Emoji! bit.ly/☹ bit.ly/♐ Well, OK, not all Emoji. If you try to use most of them, the Bitly system craps out and generates broken URLs, like so: But you can use most Unicode Miscellaneous symbols - some of which may have Emoji style representations on your system. bit.ly/♔♕♖♗♘♙♚♛♜♝♞♟ Please use …


Anatomy of an Amazon Phishing Attack


Phishing is the devious practice of tricking users into giving away their usernames and passwords to fraudulent sites. It is big business, and the best defence against it is constant vigilance. I'm going to walk you, step-by-step, through a scam that targeted me today. Along the way we'll see how to avoid falling prey to these monsters. It starts with a text. I was sent this SMS from a number that I didn't recognise. Let's count the mistakes! In the UK, we place the currency symbol…


Who is @GCHQ's "barneyrooster"?


The British intelligence service GCHQ has been on Twitter since January 2016 - however they only sent their first tweet today. GCHQ (@GCHQ): Hello, world. bit.ly/GCHQhello (10:02 - Mon 16 May 2016) As I never tire of saying, Bitly is terrible at keeping your data private. Simply add a + on to the URL and you can see some really interesting stats about the link and the user who created it. Let's take a look at https://bitly.com/GCHQhello+ The link was created by a user called "bar…


Inferring Facebook's Mobile Use Via Bit.ly


Analysts' estimates are always interesting to read - especially if you know the real statistics which they are trying to prophetize. Even when someone releases "official" statistics, they're usually hard to verify independently, and even harder to analyse by region. Benedict Evans - who I've had the pleasure of meeting at Mobile Monday - published some very interesting official stats on Facebook's mobile usage. The statistics show that roughly 44% of Facebook use is "not mobile". How does…


No One Scans QR Codes - Apart From These 25 Thousand People


Earlier this year, I blogged about seeing these QR codes appearing on some train tickets. The campaign itself wasn't that great - a poor call-to-action and a decidedly mobile-unfriendly site - but I was interested in how many people had scanned them. Thanks to bit.ly's practice of exposing everyone's statistics, we can see exactly how well this campaign did. Wow! Twenty-five thousand scans. It's not as good as Tesco's QR campaign (80k scans and counting) - but it's an interesting data…


The Perils of URL Shorteners


I'm not a big fan of URL shorteners - bit.ly, t.co, goo.gl, ow.ly, etc - I understand the need for them, but they seem to offer a fairly poor service in terms of privacy and usefulness. Take this recent example from Vodafone. Aside from the obvious downsides (user doesn't know where the link will take them, if it's compatible, link looks like gobbledegook, etc) there is a rather more interesting issue. Goo.gl - along with many other URL shorteners - gives everyone access to your statistics. …


Facebook's Mobile Adverts - Real Stats


Facebook has been getting a lot of criticism for its lack of mobile revenue. A fact it tried to hide from its IPO. Much ink has been spilled, but is it really necessary for Facebook to worry? Here's a quick case study. Facebook has, in its infinite wisdom, decided that I would be interested in adverts for cancer. Or, perhaps, AXA have decided that 30-something males are a prime market. The creator of the advert was Equator's Fiona Dow who, judging from her bitly profile, just loves…


Train Tickets With QR Codes


No, I'm not talking about Masabi's innovative technology, but of this rather odd bit of advertising found on the back of a train ticket. There's no specific call to action - but there's not much space to play with. Let's give it a scan... *sigh* A non-mobile site. With an Adobe Flash plugin in the top right which won't work on any iPhones. Why on Earth do marketing companies insist on pointing phones to non-mobile sites? It really bemuses me. Stations rarely have good signal (too many people …


More Real QR Statistics


Wandering through London today, I noticed that Southbank London has put QR codes on its posters. I've mentioned before the dangers of using Bit.ly as a QR code generator - as it allows us to peek at the codes' performance statistics. Here are the codes on the posters - click for bigger. As all the codes use Bit.ly, we can see how well they've performed - click on each one for the latest statistics. Not the most impressive of campaigns. Three strong points to note…


Bit.ly Considered Unsafe (for QR Codes)


(After Ben Metcalfe's post on the vb.ly saga). As a mobile Internet consultant, companies often ask me which QR generator to use. There are many worth considering, but I always tell clients to avoid bit.ly. The security of Libyan Internet organisations is probably not an immediate concern (you did know that's what .ly stands for, right?). What is worrying is how bit.ly exposes your QR campaigns to your competitors. How Does The Bit.ly QR Generator Work? You can use Bit.ly to shorten…
