Last summer Victoria's Secret launched Pink Collegiate, a college-level clothing line featuring licensing partnerships with 33 schools. Shoppers can buy Pink products branded with labels and logos of participating universities, including the University of Texas, Boston College and the University of California, Berkeley.
In a recent online campaign, Victoria's Secret gave unrepresented schools the chance to join the Pink Collegiate Collection. Users were invited to vote for the school of their choice in an online poll. Schools whose votes hit a critical mass would eventually be incorporated.
Drexel University broke into the Collegiate Collection first. It registered five million votes in a day, marking a successful marketing strategy by any measure — until Victoria's Secret found out most of the votes were automated.
"Another computer science major and I had found the Facebook group promoting the contest and […] we thought it would be funny," said Tim Plunkett, a junior at Drexel. He and a friend created a Perl script that logged over five million votes for Drexel in 12 hours.
Plunkett attributed his success to the lax security protecting the VS contest site. Over time, programmers from different schools — including MIT and Virginia Polytechnic Institute — competed to see who could infiltrate the site the quickest.
According to UWire, nearly all schools in the Collegiate campaign's Top 25 are the result of rigged program-generated voting. (A developer at MIT, for example, says his work alone elevated Zion Bible College and Wellesley to the top — just for gags. MIT purportedly earned a ban for his zeal.) The contest page now includes a disclaimer that reads, "NO cheating! Automated votes will NOT be counted!"
A new campaign security system permits users one vote per day, but ambitious programmers remain nonplussed. "[It's] not done correctly so could be messed with again," said senior Travis Taylor of Texas Tech, who added such online polls are difficult to make secure.
"Corporations in general need to take online security seriously," Plunkett advised.
Such advice may be sufficient for a corporate website, but engagement-building campaigns like this one may benefit more from the occasional hacker glee. Beyond adding unlikely tech schools and girls' colleges to the Collegiate Top 25, little harm was done; and few brands are fortunate enough to elicit a cultural hijack at all.