Skip to main content

Malaysia blogger discovers major glitch in Maxis online billing platform that accesses random accounts

When blogger Arysan decided to access his phone bill online, he discovered a major glitch in the telco’s online platform that led him to random accounts of other subscribers whenever he logged into his account.

Wrote Arysan,

So today, i was logging in my maxis account and i found that it has logged me on a different account. And each time i logout, and re-login, it will bring me to another new account. And i’ve been seeing other people’s emails and telephone number and also be able to browse their phonebook that they backed up with maxis. THIS IS A HUGEEEEE breach of privacy. I tweeted about it and got re-tweeted by some of influential people. And later got a phone call by Caroline (their social media rep i think) demanding me to remove my screenshot due to privacy. Ok, i admit that i screenshot the phone number and email without masking it, so fine, my bad. I will now re-post the screenshot whilst masking some part of the number and names k?

Instead of calling a spade a spade, Maxis decided to hoodwink the blogger by responding that he has accessed a test account and the details found was not a valid Maxis account holder.

From Arysan,

Maxis doing a damage control and replied:

“MaxisListens: @arsyan @demonick As a result, customers who logged in to the portal were able to see a TEST A/C which was not a valid Maxis cust’s profile.”

But as you know, bloggers are quite the inquisitive sort. So Arysan decided to send the “test account” an sms and it turned out that what Maxis said was not true.


Image from http://arsyan.com/blog/2010/10/04/maxis-billing-system-bug/

Social media moral lesson of the day – Double check you replies on social media or it will come back to haunt you.

From a brand’s perspective, it can be quite a nuisance to see a blogger finding a major glitch in your online services that could put a dent on the brand’s reputation. But taking on the blogger with a lie isn’t a solution. Maybe it was a lie but the social media respondent was misinformed.

So how should have Maxis respond?

First of all, the glitch, if left unreported or unblogged, could have resulted in more personal accounts being accessed by unknown parties. The blogger was, in fact, doing Maxis a service.

Maxis should have thank the blogger to spotting this and inform the blogger that a team has been put in place to remove this glitch.

Maxis should have also taken the role to provide the blogger with updates of the team progress.

Next, once the glitch has been fixed, Maxis could have inform the blogger about it and also thanked him with a reward for noticing the bug and for alerting them.

From a PR perspective, Maxis should send out a release, apologising for the glitch, highlight the steps that have been taken to prevent the glitch and the remedies to ensure that such a glitch would not happen again.

Dealing with a crisis created by a blogger is no different from how you should handle a crisis with the media. After all, the blogger is the public in public relations.

Comments

Popular posts from this blog

Will mrbrown's post on Mr Tan Kin Lian's thermometer app "misadventure" promote technology ageism?

I am not ashamed to say I support Mr Tan Kin Lian as a presidential candidate because I believed in what he stood for. And when Mr Tan posted his "misadventure" with a thermometer app, I did shake my head in disbelief that he did that. Source:   http://www.mrbrown.com/blog/2013/07/we-could-have-had-him-for-president.html Thinking twice, there could be a possibility that Mr Tan misunderstood how this app work. Most  thermometer app take data from various weather stations to display the temperature on it. Yes, the technology savvy will do a #facepalm when they read the post and mrbrown's post demonstrated it perfectly. Wrote mrbrown , "Maybe the former Presidential-hopeful didn't realize he needed to upgrade to the Pro version of the app. Then his iPhone would not only measure temperature, it would also measure current PSI (PM2.5 included), tell you if you are having your period, and cook instant noodles. Good thing he didn't try to measure boil

How UOB's Paper Trail Amplifies IT Greatest Security Threat

UOB required you to do everything on paper. If you want to change your mobile number for your banking account with them or for your credit card, you need to fill up a form. Yet, this paper trail represented a potential security fail for the bank - Human Error. So a bitcoin expert walked into UOB to open a bank account. The bank employee had to print a form from a online pdf document to fill in this bitcoin expert's particulars. When it came to entering the bitcoin expert's email, that's when the forgotten art of handwriting was the most obvious of the digital generation. Wrote Robert Capodieci, My name is Roberto Capodieci, as most of you know. and my email address is very obvious to decode. It is not a p4l_l337_s0u1@gmail.com, but it is a more obvious roberto@capodieci.com, thing that, right after reading my name in the same form, should come out easy. Still, a data entry personnel of the UOB bank (or of a service provider the UOB bank uses) entered it as roberto

NEL Train Fault Shouts Lack Of Crisis Communication

The North-East Line train fault of 11 April 2018 was my virgin experience of a rush hour train fault since I moved to Punggol. One would have thought that with the number of train faults experienced by the North-East Line operator, SBS Transit, they would have improved the communications and handling of train faults. However, my personal experience told another story. First, there were no announcements at the Punggol LRT stations of the train fault even though SBS Transit manages them. The train fault was reported as early as 7.10am as I had a friend who was also stuck in the train. I boarded the LRT at Coral Edge around 7.30am and I didn't hear of any announcement nor was there any signage to inform me o the train fault at Punggol Station. Second, the announcement kept saying that there would be a 15 minutes delay, but 15 minutes passed and the trains, on both side, wasn't moving. If the announcement would be more frank to say it will be a longer delay, commuters would