May has been a terrible month for services that offer users a free system in return for data collection / future upsells. We’ve had massive data leaks sitting alongside misplaced data, and in general, users of major services have been left with very little in the way of answers. In this article we ask just how free services can get away with this poor protection for data and what customers can do.
One of the biggest problems affecting the world of SEO right now is that any Google Analytics data that was tracked for April is not showing in user accounts. This problem was highlighted by Google on the 9th May and they have since advised it will not be resolved until 23rd May.
This means 14 days of no benchmarking on past data and no ability to show clients data in April. As Google Analytics is a free service there is nothing users can do to speed up the process and it’s just a case of sitting and waiting. You have to wonder whether Google AdWords, one of the main revenue drivers for Google, would receive a much quicker resolution than 14 days.
What Can Customers Do: Install another Analytics service on your website to ensure that if one ever goes down you’ll have a backup set of data.
Sony Playstation Network
Easily the most high-profile freemium service to see user data hit in 2011, the Sony Playstation Network saw millions of user details stolen. In fact it was such a bad attack that Sony stopped all online services for almost a full month.
Sony need to be sure they have patched the leak before they reopen the network, but the extent of this delay is what has offended so many. It also raises concerns as to whether Sony could build in adequate security measures for a free service. Xbox Live is a mostly paid service, which was not hit by an attack. After PSN was hit, Xbox Live would have been a target for a lot of hackers who wanted to achieve the same thing. It has yet to fall, leading many to suspect it has far superior security measures and has more incentive to keep them maintained due to higher income for the channel.
What Can Customers Do: If you have a PS3 you’re stuck until Sony say so, which is far from ideal. Customers are at the mercy of Sony, and there’s no alternate provider for the console. The strongest statement a customer can make is to boycott the console.
The privacy settings of Facebook are under constant scrutiny, and it isn’t unsubstantiated either. In July 2010 Rob Bowes, a security consultant, was able to gain the Facebook data of 100 million users. eConsultancy reports that he then gave away these details for free. Any marketing company could grab these details and do with them whatever they wished.
Bowes did this to highlight a hole in their security and to promote his tool, Ncrack, and he didn’t really have to try that hard. He simply scraped publicly available information and compiled it into a single spreadsheet. Anyone could get this data for one person; by doing it for millions, Bowes exploited an already available loophole, only with greater ramifications.
What Can Customers Do: Block every single one of your Facebook details from all but your friends, or don’t publish anything on Facebook you wouldn’t want to be public knowledge.
We expect blogs to be free, but we still expect them to be safe. One of the most visited networks of blogs in the world, Gawker, had to urge all its subscribers to change their passwords when its user database was hacked. Users were also advised to change passwords on any other websites if the same password was used there too.
Gawker may be free for users, but it makes millions in advertising revenue every year. It would have plenty to invest in creating a secure database of user details and protecting this data. It could be argued it’s not their fault they were hacked, but Gawker acknowledged this as a problem on their part, saying: “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems.”
What Can Customers Do: If customers use unique passwords on each website then this isn’t too big a concern. If you ever feel your account has suspicious activity then report it to the site owner.
Blippy lets you share purchasing information with friends, and for a short time it also shared credit card details with everyone else. In the early days of the site Blippy could easily be scraped by Google, and when the Googlebot came along it took user credit card details as well.
Shortly afterwards Blippy stopped Googlebot from crawling this data, but this was a leak of data that clearly wasn’t properly protected. Blippy should have used secure servers for this data and they’re lucky it only affected four Beta users of the site. Even if a website is in Beta the protection of data should be a top priority. They made it worse too by calling it “no big deal”.
What Can Customers Do: If you don’t feel a website is established enough then don’t enter any sensitive personal information. It’s just not worth the risk.
Email marketing services aren’t safe either. Nekkid Ninjas noticed their users were getting spam emails, including one user who had only ever used an email address on their site. They investigated the issue and found this was due to a hack of iContact, which was also reported on other sites.
What Can Customers Do: With email spam becoming less effective the hacking of email websites is going to increase. When joining an email list check who the provider is; if you’ve never heard of them then don’t give your details.
Free stuff is a wonderful thing but it should never mean a bad service. If you are offering customers a free or freemium service then you have a responsibility to keep their data protected and provide a good level of support.
It’s not enough to say that it’s the fault of hackers; if you are a big website / brand you have to assume that there is a good chance that you’re going to be hacked and therefore need to protect customer details based on the threat level. As a website gets bigger it needs to take more steps to stop data leaks. If that’s not something that can be delivered then you need to rethink your business model.