Special Gifts for Your Privacy! The Game is On

A ticketing website has been sending a follow-up mail to users seeking verification of their mobile numbers and linking this demand to a blogpost published six months ago

 

A blog post on ticketing website bookmyshow.com suggests that following instances of data compromises the company is further tightening security measures for which they are asking users without a verified mobile number on their profiles to follow a simple process of verification.

The post urges users to keep passwords unique for different websites and claims that they faced a few incidents where user accounts were misused to purchase gift vouchers and tickets, especially those linked to certain wallets or quick pay options. However, it refrains from naming any such instance or companies around which these instances occurred.

It highlights the increase in data breach reports of reputed internet companies and rising data security concerns and informs readers that the company has therefore “decided to address it well-beforehand and shares a few highlights:

  • User data is 100% encrypted and secure in accordance with PCI Standards
  • The data is stored using a hashing algorithm and decoding is highly unlikely unless it’s a common word
  • That the company has stopped all email-based registrations more than a year ago and
  • That BookMyShow new registrations are either with the mobile number and OTP or linked to social logins Facebook and Google

It further informs readers that the company would be sending emails to all customers who do not have a verified mobile phone number on their profile with a link and steps that will enable them to do so.

Sounds like a much-needed step though what the post doesn’t mention is that by logging in using any of the social logins, users are automatically sharing information about themselves not only in the public domain but to the two global giants who are facing more than one legal case for using such data to bombard us with targeted advertisements.

It also does not explain why one needs to verify the phone number when the website is already allowing you to book tickets and make payments through credit cards or net banking linked to one’s account.

However, the company does reiterate that the affected customers were part of data breaches on various other consumer internet platforms were using the same password for their BookMyShow account as well, thus indicating that it was actually our fault that the data, if at all they were breached, was our fault.

All very well. But, once again there is no explanation as to why they company is emailing us with a request to verify our registered phone number when the app doesn’t suggest that anything is amiss and continues to function as always. If the verification was indeed an issue, wouldn’t one expect the app to seek the same? Or are we missing something here?

Oh! By the way, this user had recently updated the latest version of iOS13 on the iPhone XS and it came to light that the one app that was accessing the Bluetooth on this phone regularly was none other than BookMyShow.  Why and how mobile apps do so when they actually have no need to is explained in this earlier post.

Mobile apps are increasingly asking users to login using their social accounts or mobile phone on flimsy reasons, usually revolving around special offers and other benefits. It would be worth our while to understand what we are getting in return for voluntarily giving up data related to our location, shopping preferences and other such stuff that constitute our privacy.

Of course, BookMyShow may have altruistic reasons for suggesting such verifications, but given the challenges of privacy protection that the world is facing, would it make sense to refrain for the time being?

Your answer is as good as mine!


TAGS: Privacy, Data, Bookmyshow, Mobile Apps