Getting serious about online security

Apple’s iCloud service suffered a high-profile hack back in August last year, pushing online privacy and data security to the forefront of people’s minds. Since then we’ve seen lots of big names hit the headlines, including cheating website Ashley Madison and the holy trinity of press release distribution services – Marketwired, PR Newswire and Business Wire. While Ashley Madison’s users are still waiting (nervously, no doubt) to see whether their personal data will crop up online, information from the three press release wires was used over a period of several months, helping corrupt traders make millions of dollars by acting on information from listed companies before it became public. Hacking is big business.

But it’s not just the big boys being targeted. There’s been a lot of smaller scale hacks in the past 18 months too. Kickstarter was breached in February 2014 and, somewhat ironically, security software firm BitDefender admitted having user data stolen in July of this year. More recently, the literary community Wattpad was targeted.

A data breach is never a good thing. In a tech PR sense, it’s the epitome of crisis comms. But companies can still make the best of a bad situation by handling it well, letting users know immediately, and taking steps to prevent this kind of thing from happening again. In practically all the cases above, users were made aware of a breach within days and encouraged to change their passwords. Kickstarter, for example, held its hands up to admit what had happened in less than 72 hours. Not Wattpad though, which took over two months to let users know their data had been compromised.

I’m personally aggrieved by this because I am/was a Wattpad user. I also take online security seriously. So, after ranting on Twitter about how unbelievable this delay was, especially as there’s still a question mark over whether email addresses and passwords were taken, I logged in with the aim of deleting my account. Even as a free service, if a company like Wattpad doesn’t take my data security seriously then I’m not interested in being a part of it. I clicked the button to close my profile and that was that. Or so I thought.

Here’s the kicker – Wattpad makes it notoriously difficult to close your account without the help of their support team. And even then, it turns out Wattpad can’t (or more likely won’t) do it. I contacted Wattpad support and asked them to do the honours. Not just deactivate my account, actually remove it. But that’s not what they’ve chosen to do. It’s still there. Wattpad recognises my username and password when I try to log in, only I get an error message instead of moving to the account page like usual.

This is worrying for a couple of reasons. The biggest concern is, presumably, my data is still sat on a server somewhere. Except now I have no control over it whatsoever. I can’t log in and manually delete the information Wattpad holds on me. I can’t change my address to a random string of letters, or swap any other data for false results. Basically, I’m left hoping they don’t ever get hacked again.

In 2015 this is beyond ridiculous. We’re in the age of multi-factor authentication. Most online services now offer more than a flimsy username and password combination to protect your account. Those that don’t will scrub your details from their servers if requested, or at least they promise to. If anything, my struggle with Wattpad has highlighted the true nature of what can happen to the personal information we so willingly share online.

Security is not a certainty, and there’s no guarantee your data will be deleted even if that’s what the website you’ve fallen out with has promised to do. It’s worth thinking about next time you sign up for that new must-have app or service – your data probably isn’t as secure as you perceive it to be.