Elance's customer data has been compromised. While this is harmful to any brand, trust can be restored in the way the brand communicates with their customers about the situation.
Elance is a service that connects businesses and independent service providers or contractors. I think I used the site only once to hire someone to do microfiche research in a New York library. Here is their security alert e-mail:
(click to enlarge)
The message is way too vague and does nothing to help restore trust in their service or their ability to prevent a future security breach. While they have further details on their web site, the e-mail leaves the reader wondering "Who has my data?", "What did Elance do to remedy the situation?," "How long have they known about this?," "When was the breach?" and importantly "What does this mean to me?". They should have been more specific within the e-mail about what they are doing to prevent this from happening again.
The call-to-action on this e-mail is entirely too weak. The e-mail reads "For information on re-setting your password..." when in fact it should say something along the lines of "We strongly recommend that you change your password immediately. Upon your next log in, you will be required to change it."
Finally, given that they admit on their web site that their users may receive spam e-mail and unwanted SMS solicitations, their apology seems limp.
This security breach is a major failure for their tech team and their marketing communications team.
Related post:
