The Ticketfly breach is a good reminder that people should avoid providing services with personal information whenever possible. Ticketfly requires that users provide a full name, billing address, and phone number when using a credit card to buy tickets. But like many services, Ticketfly didn’t check the validity or completeness of most of the information supplied. That made it possible for people to give incomplete addresses and names and list non-existent phone numbers such as 555-1212 and still order tickets.
Some sites are more lenient with incomplete or incorrect information than others. A surprising number of sites will accept completely fictitious addresses such as 123 Any Street. Others will accept a small portion of a correct billing address such as the number portion and the first three or four letters of the street name. Users typically must experiment when using a new site or service to see how much incorrect or incomplete details it will accept.
People should also consider using a
separate email address for services they don’t particularly trust to prevent more sensitive email addresses from becoming widely known. Another measure users of Gmail and some other services can take is to append a unique string containing a plus sign and a domain to an existing email address. For instance:
dan.goodin+ticketfly.com@arstechnica.com,
dan.goodin+amazon.com@arstechnica.com, and so on. It’s never a bad idea to sign up with Have I Been Pwned to get a notification when one of your email addresses has been exposed.