Posted on June 20th, 2011 by Nicole Kobie

Are security breaches really bad PR?

There’s a general belief in the security industry that being hacked is bad for business: it makes your firm look careless and will cost you customers.

I’ve always wondered if that’s true. Will Sony lose gamers’ hearts because it lost their password details? Will Citi Group, Sega, or any other recent target go out of business over a hack? Or is the PR fallout from a breach not actually as bad as the security industry says?

One website stands accused of purposefully testing that theory. Beautiful People is a dating website that — as the name suggests — only lets beautiful people join (although I’ve always wondered why attractive people need dating help from an algorithm?). The site filters out the “ugly” people — that would be us normal people — via a Hot or Not style voting system.

Today, Beautiful People announced it had been hit by a virus, which it dubbed the “Shrek Virus”, that had allowed ugly/normal people to slip though the vanity filter; it has booted those 30,000 would-be daters, refunding those who had paid to sign up.

It’s a fantastic piece of chicanery, of course, designed to boost awareness of the dating website

“It was initially thought to be one of the 5.5 million BeautifulPeople.com rejects, but further investigations point to a former employee who placed the virus before leaving the team in May,” the press release says, actually referring to would-be customers as “rejects”. “Despite wreaking havoc with the application process, member privacy and security was never breached.”

And that’s all rather convenient, notes Sophos security researcher Graham Cluley. ”It’s a fantastic piece of chicanery, of course, designed to boost awareness of the dating website, get them many thousands of pounds of free publicity with little risk of damage to their reputation,” he says in a blog post.

“So, lots of publicity for the website but nothing for current or future members to worry about then. How convenient!” he adds, noting the site’s PR firm has previously used somewhat similar tactics. (Of course, as The Register points out, Cluley’s job is to get press coverage for Sophos, so “we’re in danger of being sucked into a conspiracy feedback loop”. And to pre-empt the inevitable comments: I realise I’ve fallen for it and have handed coverage to both.)

Real hack?

Beautiful People’s PR assures us the hack is real, but as the investigation is ongoing, not many details are available. Perhaps more worryingly than a maybe/maybe not hack is that the site’s spokeswoman sent me photos of some of the so-called “rejects” for publication (I’m not that mean).

Asked whether that might be a privacy issue, she assured me the applicants had signed away the rights to their photos, and the site could use them as they saw fit. Yes: if you apply for Beautiful People, they might use you as an example of a reject — now that truly is ugly.

We’d like to find anyone rejected by the site during this virus-induced purge, just to prove it actually happened. We promise not to laugh at your failure to join the ranks of the Beautiful People; one look at our column mugshots should confirm that looks have never been that important to PC Pro.

Tags: hack, Security

Posted in: Newsdesk

Permalink

Follow any responses to this entry through the RSS 2.0 feed.

You can skip to the end and leave a response. Pinging is currently not allowed.

11 Responses to “ Are security breaches really bad PR? ”

Chris Gomez Says:
June 20th, 2011 at 3:03 pm
Wow. I’m just incredulous about the concept, never mind the (maybe) hack.
Arek Says:
June 20th, 2011 at 4:01 pm
“The site filters out the “ugly” people — that would be us normal people”

Nicole, judging from your photo I’d say that’s definitely false modesty
JohnAHind Says:
June 20th, 2011 at 4:14 pm
Can’t help thinking this web site is psychologically as well as technically flawed.

I’m currently seeking backing for two new dating sites:

bouvier.com will hook up beautiful people with rich/famous/powerful people of limited mortality.

golightly.com will match beautiful people with ordinary-looking sensitive doormats guaranteed neither to outshine nor to judge them (and help them look after the cat).

In both cases the business plan leverages my technical incompetence to generate free publicity!
M Viracca Says:
June 20th, 2011 at 4:19 pm
That reminds me, you took down the page with all your mugshots on them, which would have helped me when listening to the podcasts. Any chance of putting them back up, updated of course.
lokash20 Says:
June 20th, 2011 at 7:04 pm
Maybe the PC Pro mugshots page was hacked by some turkey at Bootiful People?
Steve Cassidy Says:
June 21st, 2011 at 10:23 am
@JohnAHind: both those ideas are taken, I think you will find, by the many-headed octopus that is the “Alt network” and/or the sugary evil of “seeking arrangement”. It would be nice to be able to make a clean moral verdict on anyone found surfing either of these hells, except that their marketing approach is a case-study in redirecting the innocent.

Also one should short-circuit any criticisms of the worlds himbos and bimbos on the grounds that they should “think about what they are doing”. Lots of studies have shown that people in the top percentile of attraction ratings are in the main, less well qualified, poorer, breed earlier, have a lower standard of living… almost any metric you want to pick gives them a raw deal.

Given that I’ve had guns waved in my face, back in the day, by people desperate to get into a nightclub, I can well see how hacker dudes would rate the beautiful people site (or the 3 or 4 others I’m aware of which I won’t explicitly point to here) as a major feather in their cap – and that answers Nicole’s question about why BPs need a protected place to relax. It’s no fun existing for other people solely as a scalp to be won and then discarded.
Stuart Says:
June 21st, 2011 at 5:20 pm
The Shrek Virus? Of course this is marketing hoax. A virus named after a film character which is a prince who has been turned into a hideous monster.
David Reich Says:
June 22nd, 2011 at 4:20 pm
Hey, doesn’t anyone get how bad this stunt is? A hoax is taking advantage of people. If I were tricked by this, I’d never trust this company again and I’d probably avoid their product or service because they obviously think so little of the public.

And the fact that the company or their PR firm put out a fasle news release — on PR Newswire, no less — is a real breach of ethics. If I were a journalist, I;d never take any information from this company or PR agency again.

Shame on them! Next time, why not try to get publicity the old-fashioned way — using honesty and creativity, not sneakiness.
Chris Clark Says:
June 23rd, 2011 at 8:09 am
Beautiful or otherwise it is better to disclose you’ve been hacked, and sorted it, then to have the press find it and tell you first. It builds trust.

What is not so good is to then get re-hacked.
David Taylor Says:
June 23rd, 2011 at 5:08 pm
This is still a breach of the data protection act (7th principle). Maybe somebody should make the ICO aware of their PR shenanigans at the expense of the act.
Alan Says:
June 24th, 2011 at 12:16 pm
@David Taylor

Where – or what exactly – was the breach of the principle. Think about it.. ” requires appropriate and organisational measures to be taken against unauthorised or unlawful processing of data and against accidental loss or destruction of, or damage to, data” What was the unlawful processing of data, or the /accidental/ loss.

There was no breach, there was no leak of data. What BP /alleges/ happened is that people were allowed to join. That is it.

And unless BP is UK based, the ICO has no remit over them.