The Security Breach We All Feared Has Happened
Hackers have access to millions of “Authy” app customer email addresses. Of all the platforms and services one doesn't want hacked… 😞
by Tod Maffin (email • LinkedIn • social media)
Today's News
Hacked: “Authy” Two-Factor Authentication App
TikTok: Spend Down, Prices Up, Growth Stalled
Google Ad Changes Roundup for June 2024
Instacart Users Using “Reorder” to Track Gouging
Boost Your Instagram Engagement with “Sends”
Privacy-Focused Proton Platform Adds Documents
Hacked: “Authy” Two-Factor Authentication App
A major hack has put millions of accounts at risk — and the hack happened at the one place you don’t want it to: A provider of two-factor authentication services.
The service in question is called Authy — it’s a two-factor authenticator app that competes with the popular Google Authenticator. It’s one of those apps that generates a six-digit code when you’re trying to log into a web site.
The company that owns Authy is Twilio – the large SMS marketing platform. It says hackers were able to get data associated with millions of Authy accounts, including phone numbers. This happened apparently because Twilio left an API endpoint without any login requirements.
The hackers posted their find on a forum and claimed to have downloaded 33 million phone numbers of account holders.
The risk to your brand
TechCrunch spoke to Rachel Tobac from SocialProof Security who explained:
There’s not a lot you can do, other than to update the mobile app and change your password there.
History repeats itself
This is not the first data breach Twilio has suffered. Two years ago, a group of hackers got into the files of more than 100 of its clients. With that data, they conducted a huge phishing operation around the world.
In the end, 10,000 employee credentials from at least 130 companies were stolen.
🎁 Everyone who guesses will be entered in our monthly draw for a full year of our Premium Newsletter free!
Sponsored
Return on Influence
Discover what other influencer marketers are doing behind-the-scenes to run profitable influencer marketing campaigns. 3 tips, twice a month. Always free.
TikTok: Spend Down, Prices Up, Growth Stalled
Ad spending on TikTok has been growing year-over-year, but the pace has slowed since a potential U.S. ban was announced in March. According to MediaRadar, ad spend in March rose 19% compared to the previous year. However, growth cooled to 11% in April and 6% in May.
Nine out of 20 advertising categories saw month-over-month increases in April, with consumer services leading the way, up 115%, according to Sensor Tower.
Despite this, the average daily spend on TikTok dropped by 2% month-over-month in April. Four of the top 10 advertisers, including Target and DoorDash, reduced their spend.
Some brands have shifted their focus on TikTok from brand awareness to performance-driven goals since the potential ban announcement. Some analysts say that shift caused that deceleration in ad spend growth.
Spend down, price up
TikTok’s CPMs for upper-funnel metrics increased by 15% year-to-date.
User growth stalled
And TikTok's user growth, especially among younger people, is stagnating.
The percentage of weekly users aged 18-24 has dropped from 35% in 2022 to 25% in 2024, while users aged 35-44 increased slightly.
Average daily time spent on TikTok also decreased, though only from 52 to 51 minutes.
Google Ad Changes Roundup for June 2024
Every other week, our Google ads correspondent Jyll Saskin Gales walks us through the latest platform changes. Jyll spent six years at Google in a senior ad role, and today runs the Inside Google Ads training program.¹
Summary
Brand restrictions have been renamed to brand inclusions for clarity.
Negative keywords will now exclude misspellings.
Misspellings will be visible in search term reports, providing more control and optimization.
The updates may encourage more use of broad match keywords.
Google may be moving towards more automation with these changes.
The updates are seen as a net positive for most users.
Watch the Interview
Transcript
Google announced some updates to query matching last week. Was this a big deal?
I'd call this a medium deal. Really two separate things that I guess Google just bundled together for us.
How brand queries are handled
How misspellings are handled
On the brand side, brand restrictions are now renamed brand inclusions. It's more clear because we used to have two features, brand restrictions and brand exclusions. So now we have brand inclusions. Brand exclusions and brand exclusions.
They work like they sound; if you add brand inclusions to a broad match keyword campaign, it lets it know what kind of searches you would like to show on. If you add brand exclusions, it lets it know what kind of searches you don't want to serve on.
Practically, this is because when you use broad match keywords, it gives Google permission to show your ads on anything related to the keyword, which can include very broad terms. Because of that, your own brand queries and even competitor brand names can sneak in there. With brand exclusions, you can say “I want to use broad match keywords but not advertise on my brand” or vice versa.
So that's the first part of the announcement. The second, misspellings, part is a little unexpected.
Right now, to exclude misspellings, you have to manually exclude every potential misspelling. Now, when you add a negative keyword, Google will automatically exclude misspelled versions. Additionally, misspellings will now be included in your search term report. This change will make about 9% more search terms visible. Previously, many misspelled terms were lumped under other search terms, but now they'll be visible, allowing for better optimization. More visibility and control are rare to get from Google, but we're getting it here.
Whenever Google makes these announcements, there's usually a bit of good and bad. This feels like a net positive at the end of the day.
It is a net positive. The average Google Ads user might not see much difference, but practitioners will benefit from the brand inclusion and exclusion features and the visibility of misspellings. The hidden reason for these changes might be to encourage more use of broad match keywords and allow for more automation with formats like performance max, which could take over accounts with fewer keywords and controls. But that's just my theory.
In the end, it's fairly good news.
Be sure to check out Jyll’s Inside Google Ads training program¹
Instacart Users Using “Reorder” to Track Gouging
A really interesting piece in Business Insider this morning talks about how consumers are using the “reorder items” function in Instacart’s mobile app to see just how much prices have gone up in the last few years.
One fellow profiled in the piece compared his past and present grocery bills and found his $35 order from 2019 would now cost more than $62 if he re-ordered the same products. He shared his on TikTok, where’s it’s gone a little viral.
#greenscreen #greenscreensticker #grocery #inflation
Another TikTok user reported that their Walmart+ order tripled in price over just two years, possibly due to the app replacing out-of-stock items with pricier alternatives.
It‘s more than inflation, right?
Don’t blame inflation alone for it — cumulative inflation over the past five years is around 23%. That’s high, for sure, but it’s not triple.
Part of the issue might be shrinkflation, which reduces item sizes.
And of course, it’s the outliers that tend to go viral. In its coverage, Business Insider analyzed past Instacart orders from Los Angeles and New York City. One order from 2020 increased 22% over four years; another was up 17%.
The impact on marketers
All that to say, if your prices have gone way way up in the last few years, and you’d rather not make it obviosu
Boost Your Instagram Engagement with “Sends”
Every social media platform has its own tic:
On YouTube, it’s “Smash that Like button”
On Facebook Marketplace, it’s “Is this still available?”
And on TikTok, it’s often “Send this to a friend.”
The creator doesn’t really care about your friend — they care about you tapping that “Send” button. On TikTok, it’s considered one of the strongest algorithmic signals. Your video will get more reach if 100 people Send it to a friend than if 100 people tap Like.
Now, Instagram appears to be picking up on that and some new advice from the app’s head says you should do that as well.
You might have even seen them moving in this direction. They recently started showing how many sends were logged for each post.
This has been in testing for a year or so, but looks like it’s rolling out more widely now.
How to get more engagement
A recent Harvard Business Review study of tens of thousands of posts found that while you can exploit emotion to get engagement, there is a specific emotion you should reach for if you want that engagement to be a Send or Share.
So again high dominance is an emotion that’s within the user’s control — a feeling they can regulate. Low dominance is the opposite, think anger or fear.
Privacy-Focused Proton Platform Adds Documents
Proton, the privacy-focused email platform, has launched a new document platform that would compete with Google Docs.
The Proton Docs system, though, is end-to-end encrypted — meaning that, not even they can see what’s in the documents.
This starts rolling out today, starting with a web-based documents editor. It includes everything you’d expect: changes, formatting, and adding links and images, and the likes.
Collaboration features like real-time editing and commenting are also built-in.
Proton Docs encrypts not just the content but also keystrokes, mouse movements, and file paths, making it unique among the major document editors.
Google Docs is not end-to-end encrypted
It might come as a surprise to many that Google Docs does not offer true end-to-end encryption (E2EE) for all users.
While it does encrypt files in transit and while they’re being stored, Google holds those encryption keys, which means that Google has the ability to access and view the contents of your files any time they want. (Organizations that pay for Google Workspace can use client-side encryption, which encrypts files before they are uploaded to Google Drive, with only the customer holding the encryption keys, but it’s still not truly end-to-end, which is considered the gold standard.)
Chart of the Week: Ad Spend 2022-2027
In Brief
THREADS: Meta announced today that Threads is now used by more than 175 million users. But that’s people who sign on at least once a month. The more important metric is those who sign on daily. Meta has not shared those numbers yet, which — as The Verge notes — “suggests Threads is still getting a lot of flyby traffic from people who have yet to become regular users.” [more]
AD TARGETING: The IAB Tech Lab final report on Google’s Privacy Sandbox is out and the group concludes that Google’s new Sandbox will limit the marketing industry's ability to deliver targeted ads, putting smaller companies and brands especially at risk. [more]
WALMART: An interesting thinkpiece at MediaPost for those of you who spend time in the retail media space — it takes a deep look at Walmart’s entry into the space: Both on the ad side and the fulfillment side. [more]
– 30 –
Get to Position #1 before Prime Day
Right now is the perfect time to engage micro-influencers who genuinely use and advocate for your products – moving you up the rankings in the process. Create a trustworthy image that attracts more customers and boosts your sales effectively.
Upgrade Your Media Buying Skills:¹
Google Ads for Beginners
Inside Google Ads: Advanced
Foxwell Founders Community
Foxwell Digital Courses
Tools We Use and Recommend:¹
Marketing tools: Appsumo
Podcast recording: Riverside
Email newsletter: Beehiiv
¹ Some links provide affiliate revenue