Malaysia blogger discovers major glitch in Maxis online billing platform that accesses random accounts

When blogger Arysan decided to access his phone bill online, he discovered a major glitch in the telco’s online platform that led him to random accounts of other subscribers whenever he logged into his account.

Wrote Arysan,

So today, I was logging in to my Maxis account and I found that it had logged me on to a different account. And each time I logged out and re-logged in, it would bring me to another new account. And I've been seeing other people's emails and telephone numbers and have also been able to browse the phonebooks they backed up with Maxis. THIS IS A HUGEEEEE breach of privacy. I tweeted about it and got re-tweeted by some influential people. And later got a phone call from Caroline (their social media rep, I think) demanding that I remove my screenshot due to privacy. OK, I admit that I screenshotted the phone number and email without masking it, so fine, my bad. I will now re-post the screenshot whilst masking some part of the numbers and names, k?

Instead of calling a spade a spade, Maxis tried to hoodwink the blogger by responding that he had accessed a test account and that the details found were not those of a valid Maxis account holder.

From Arysan,

Maxis, doing damage control, replied:

“MaxisListens: @arsyan @demonick As a result, customers who logged in to the portal were able to see a TEST A/C which was not a valid Maxis cust’s profile.”

But as you know, bloggers are quite the inquisitive sort. So Arysan decided to send the "test account" an SMS, and it turned out that what Maxis said was not true.


Image from http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/

Social media moral lesson of the day: double check your replies on social media, or they will come back to haunt you.

From a brand's perspective, it can be quite a nuisance to see a blogger finding a major glitch in your online services that could put a dent in the brand's reputation. But taking on the blogger with a lie isn't a solution. Or perhaps it was not a deliberate lie, and the social media respondent was simply misinformed.

So how should Maxis have responded?

First of all, the glitch, if left unreported or unblogged, could have resulted in more subscribers' personal accounts being accessed by unknown parties. The blogger was, in fact, doing Maxis a service.

Maxis should have thanked the blogger for spotting this and informed him that a team had been put in place to fix the glitch.

Maxis should also have taken on the role of providing the blogger with updates on the team's progress.

Next, once the glitch had been fixed, Maxis could have informed the blogger about it and also thanked him with a reward for noticing the bug and alerting them.

From a PR perspective, Maxis should have sent out a release apologising for the glitch, highlighting the steps taken to fix it and the remedies put in place to ensure that such a glitch would not happen again.

Dealing with a crisis created by a blogger is no different from how you should handle a crisis with the media. After all, the blogger is the public in public relations.
