How MTT leaked its customer base
Inadvertently, the MTT employee included in the list, instead of a commercial offer, a list of emails from his 13,000 client-companies for which this list was intended.
I recently had a chance to give the monkey a grenade in my hands, it was so scary that I had to quickly jot down a separate configuration in 1C so that it wouldn’t jerk so much, if that ... years, and things are still there - we hammer nails with a microscope!
We have large companies that allow ordinary mortals and companies in 2 clicks to get a clean city number and land on SIP, one of these companies is MTT. The whole charm in the transparency of such a number is contractual relations and an obvious linkage to the subscriber (against cheap operators, who, sometimes, it is not clear how the number is landed). So I became first a corporate client, and then as an individual.
')
Have you met for a long time with the fact that to get one service you need to buy an elephant?
Here and there. There is a number, but to use it you will need to pay for a virtual PBX. Who understands what they are talking about, they will understand me more than perfectly: a company landing a number, for a certain amount per month, sends calls to your end point, but it does this only via a “toll highway” - this is me about the virtual PBX. The thing for many is absolutely superfluous and unnecessary, but money is worth it — the equivalent of 5-10% of the minimum wage.
Even in times of greater abundance of money, we often paid for the air and agreed with this. And then, the first crisis came, then the second, companies started to miss the money, and the air began to sell, too, more expensive. So, an unnecessary elephant has become more expensive for end users. In my head, of course, an approximate representation was formed of the processes of a large company, which has large expenses for development, coordination of projects, and the like - the rationale for the increase in the price of air seemed to be found. Not to say that I believe in fairy tales, but I always want to believe in something good. I believed again.
How many do not work, but you always work on the system. Sometimes the system has to be changed so that there is more money left for itself, and there are other companies that provide a no less white connection to the telephone network, but at more tasty prices, more precisely, without being forced to use toll roads. So a big company becomes unnecessary and is forgotten about it ...
“We certainly want to keep you abreast of all our changes despite the fact that you haven’t been using our services for a couple of years now” - this is how tons of letters appear in our mailboxes. Just like that. I constantly head over to some projects and look through these letters in order to understand about which company has a problem and how they react - the appearance of any letter was something provoked and often there is useful information between the lines about what happened in the world, while you are like an ostrich, you’ve been digging into your project. ” This time this information was not. Forgot to attach it.
In the next newsletter they forgot to attach a document with which they were asked to familiarize ... Although, no!
They did not forget, but confused - they did not attach the wrong file. Well, wrong man. Anything can happen.
Wait, who was wrong? How wrong? What about personal data? How sekyurnost? Is the security service already dissolved?
For the most part, large companies live solely on the fact that all processes are put on the rails and function confidently. If recruitment, then streaming. If at the machine, then from morning to evening and above one part, each of which will be checked by the quality control officer. Only in this way are resilient systems and companies built up to failures.
We have no money for the laying of railways, we constantly spend on something, but not on what is needed - a fact.
Therefore, there are holes on the roads, because we have couriers from among students with preferential travel cards, so one summer we put lanit at stops, and the next again - asphalt, as if throwing away already unnecessary lanit - an example of how and where the money goes initially convincingly knocked out under the task.
“Never, hear, guys, never check the conformity of the result to what was intended!” - I can explain this to us regularly only with this instruction from the head.
Think for a moment:
a large company organizes newsletter for its customers. To complete this task, you need a list of clients and information that needs to be conveyed. In addition, a large company operates with personal data and a number of laws must comply with, prescribe clear rules for dealing with such data, and the like.
Also, it would be nice to send a test letter to yourself for control, to check that everything looks as it should, it doesn’t contain anything superfluous, lawyers, for good, during a mass mailing they should at least read and say “it is possible”. The security service for its part must say its "yes." And this is not bureaucracy - these gears will turn very quickly and unnoticed if the system is on the tracks. But yes ... we are in Russia.
Recall the years 2000-2004, only computers were widely used, the Internet was actively built in our offices and homes, IT infrastructures were few and only everything was getting up. Then I could imagine a secretary who keeps a file with the data of subscribers and makes a mailing list manually if necessary.
10 years have passed. We have large databases, entire systems that allow us to process and somehow operate information, and most importantly, to control access, protect private data, and the like. Now imagine that all this is there, a lot of money was spent on it, and then we take this expensive microscope and hit it with the full force of the nail head, which sticks out of the wall after the builder’s works - everything is trash.
Warning: I am not an employee of the MTT company, I am an ordinary mortal of this world who is able to perceive, digest information and draw conclusions, based on my experience, recreating one of the possible variants of what happened and sharing with you.
- All customer data can be stored in a centralized database, which actually happened.
- The task of informing customers to solve centrally - it was so. There is a certain system that did the newsletter.
- To form a list of recipients of information centrally - everything is so, I do not argue.
- Hide the addresses of real recipients from any operator. No, that was not done. Employees operated with “bundles” of recipients' addresses — the very same Excel files with lists of recipients.
- Agree on the contents of the mailing. No, it was not done in any way. Moreover, there is an opinion that there are no procedures for coordinating such distribution. Nobody puts a visa "complies with the law / safety rules / legally permissible" and so on.
- Post to test address - for control. This also didn’t have to be done, everything is urgent, we need to do it “yesterday”, so we’ll do everything at once in combat mode. Well, the truth is, why spend half an hour of time checking, rechecking and agreeing, if you can shave off, withdraw the newsletter (still send the newsletter). And in general, we are not afraid of anything, neither bears, nor sanctions, nor laws, nor bosses - it will not give out a bonus anyway, it will flood my offer, and even make an extreme offer.
More briefly about it will flash somewhere in the news, I think, and I tried to convey key information that we are responsible for everything we do. Not the company made a mistake, according to which information about a little more than 13 thousand subscribers became available by this very 13 thousand (and then to the whole world), an error was made by quite specific people performing their official duties, someone just carelessly - careless about work , someone without enough will to argue and prevent the system from operating without modification. Some of the chiefs are overly confident and do not know how to listen to subordinates. We have such a culture - work on the "leave me alone". That is what we need to change, if we want to change anything for our generation and our children. I sincerely believe that if we stop doing “badly”, nothing terrible will happen, maximum - we will lose work, companies, some of us are chic dachas and tons of kickbacks, but the most important thing is that the less low-grade garbage in our lives we do, the more really good works are valued. Every time we do something like this, we don’t give chances for those who do it well to survive - hackers dump the market of professional specialists, pushing our world to chaos. By the way, I must say thank you to the state for the laws that somehow hold back this chaos from the idiots living among us.
So, if you happen to be an MTT client within the framework of your magic service, then you will receive a letter in which you will find a file with e-mail addresses, among which will be yours. This is the same file that the operator manually loads into the system in the field "distribution recipients". Somewhere nearby, he must attach a file - an attachment to the letter with the news, which the company has been in a hurry to inform. Everything was so ineptly done by everyone that the system allowed it to crank, the operator did not pay due attention - even the file names did not read the control, well, and finally - the absence of any control of the result before mass sending made it possible to launch a rocket with a monkey into space, providing it with a nuclear suitcase for another attempt to destroy earthlings.
Big companies - big problems
I recently had a chance to give the monkey a grenade in my hands, it was so scary that I had to quickly jot down a separate configuration in 1C so that it wouldn’t jerk so much, if that ... years, and things are still there - we hammer nails with a microscope!
Prehistory
We have large companies that allow ordinary mortals and companies in 2 clicks to get a clean city number and land on SIP, one of these companies is MTT. The whole charm in the transparency of such a number is contractual relations and an obvious linkage to the subscriber (against cheap operators, who, sometimes, it is not clear how the number is landed). So I became first a corporate client, and then as an individual.
')
We are a big office - we want to eat a lot!
Have you met for a long time with the fact that to get one service you need to buy an elephant?
Here and there. There is a number, but to use it you will need to pay for a virtual PBX. Who understands what they are talking about, they will understand me more than perfectly: a company landing a number, for a certain amount per month, sends calls to your end point, but it does this only via a “toll highway” - this is me about the virtual PBX. The thing for many is absolutely superfluous and unnecessary, but money is worth it — the equivalent of 5-10% of the minimum wage.
Nobody forbade breathing, but the air is paid!
Even in times of greater abundance of money, we often paid for the air and agreed with this. And then, the first crisis came, then the second, companies started to miss the money, and the air began to sell, too, more expensive. So, an unnecessary elephant has become more expensive for end users. In my head, of course, an approximate representation was formed of the processes of a large company, which has large expenses for development, coordination of projects, and the like - the rationale for the increase in the price of air seemed to be found. Not to say that I believe in fairy tales, but I always want to believe in something good. I believed again.
When not enough money on the air
How many do not work, but you always work on the system. Sometimes the system has to be changed so that there is more money left for itself, and there are other companies that provide a no less white connection to the telephone network, but at more tasty prices, more precisely, without being forced to use toll roads. So a big company becomes unnecessary and is forgotten about it ...
Dear subscriber!
“We certainly want to keep you abreast of all our changes despite the fact that you haven’t been using our services for a couple of years now” - this is how tons of letters appear in our mailboxes. Just like that. I constantly head over to some projects and look through these letters in order to understand about which company has a problem and how they react - the appearance of any letter was something provoked and often there is useful information between the lines about what happened in the world, while you are like an ostrich, you’ve been digging into your project. ” This time this information was not. Forgot to attach it.
We are all humans
In the next newsletter they forgot to attach a document with which they were asked to familiarize ... Although, no!
They did not forget, but confused - they did not attach the wrong file. Well, wrong man. Anything can happen.
Unobvious became apparent
Wait, who was wrong? How wrong? What about personal data? How sekyurnost? Is the security service already dissolved?
Large company rails
For the most part, large companies live solely on the fact that all processes are put on the rails and function confidently. If recruitment, then streaming. If at the machine, then from morning to evening and above one part, each of which will be checked by the quality control officer. Only in this way are resilient systems and companies built up to failures.
And we live in Russia!
We have no money for the laying of railways, we constantly spend on something, but not on what is needed - a fact.
Therefore, there are holes on the roads, because we have couriers from among students with preferential travel cards, so one summer we put lanit at stops, and the next again - asphalt, as if throwing away already unnecessary lanit - an example of how and where the money goes initially convincingly knocked out under the task.
Testing? - No, I did not hear!
“Never, hear, guys, never check the conformity of the result to what was intended!” - I can explain this to us regularly only with this instruction from the head.
Think for a moment:
a large company organizes newsletter for its customers. To complete this task, you need a list of clients and information that needs to be conveyed. In addition, a large company operates with personal data and a number of laws must comply with, prescribe clear rules for dealing with such data, and the like.
Also, it would be nice to send a test letter to yourself for control, to check that everything looks as it should, it doesn’t contain anything superfluous, lawyers, for good, during a mass mailing they should at least read and say “it is possible”. The security service for its part must say its "yes." And this is not bureaucracy - these gears will turn very quickly and unnoticed if the system is on the tracks. But yes ... we are in Russia.
A little bit about sore and urgent world of this
Recall the years 2000-2004, only computers were widely used, the Internet was actively built in our offices and homes, IT infrastructures were few and only everything was getting up. Then I could imagine a secretary who keeps a file with the data of subscribers and makes a mailing list manually if necessary.
10 years have passed. We have large databases, entire systems that allow us to process and somehow operate information, and most importantly, to control access, protect private data, and the like. Now imagine that all this is there, a lot of money was spent on it, and then we take this expensive microscope and hit it with the full force of the nail head, which sticks out of the wall after the builder’s works - everything is trash.
How could be done and how was done
Warning: I am not an employee of the MTT company, I am an ordinary mortal of this world who is able to perceive, digest information and draw conclusions, based on my experience, recreating one of the possible variants of what happened and sharing with you.
- All customer data can be stored in a centralized database, which actually happened.
- The task of informing customers to solve centrally - it was so. There is a certain system that did the newsletter.
- To form a list of recipients of information centrally - everything is so, I do not argue.
- Hide the addresses of real recipients from any operator. No, that was not done. Employees operated with “bundles” of recipients' addresses — the very same Excel files with lists of recipients.
- Agree on the contents of the mailing. No, it was not done in any way. Moreover, there is an opinion that there are no procedures for coordinating such distribution. Nobody puts a visa "complies with the law / safety rules / legally permissible" and so on.
- Post to test address - for control. This also didn’t have to be done, everything is urgent, we need to do it “yesterday”, so we’ll do everything at once in combat mode. Well, the truth is, why spend half an hour of time checking, rechecking and agreeing, if you can shave off, withdraw the newsletter (still send the newsletter). And in general, we are not afraid of anything, neither bears, nor sanctions, nor laws, nor bosses - it will not give out a bonus anyway, it will flood my offer, and even make an extreme offer.
What happened
More briefly about it will flash somewhere in the news, I think, and I tried to convey key information that we are responsible for everything we do. Not the company made a mistake, according to which information about a little more than 13 thousand subscribers became available by this very 13 thousand (and then to the whole world), an error was made by quite specific people performing their official duties, someone just carelessly - careless about work , someone without enough will to argue and prevent the system from operating without modification. Some of the chiefs are overly confident and do not know how to listen to subordinates. We have such a culture - work on the "leave me alone". That is what we need to change, if we want to change anything for our generation and our children. I sincerely believe that if we stop doing “badly”, nothing terrible will happen, maximum - we will lose work, companies, some of us are chic dachas and tons of kickbacks, but the most important thing is that the less low-grade garbage in our lives we do, the more really good works are valued. Every time we do something like this, we don’t give chances for those who do it well to survive - hackers dump the market of professional specialists, pushing our world to chaos. By the way, I must say thank you to the state for the laws that somehow hold back this chaos from the idiots living among us.
So, if you happen to be an MTT client within the framework of your magic service, then you will receive a letter in which you will find a file with e-mail addresses, among which will be yours. This is the same file that the operator manually loads into the system in the field "distribution recipients". Somewhere nearby, he must attach a file - an attachment to the letter with the news, which the company has been in a hurry to inform. Everything was so ineptly done by everyone that the system allowed it to crank, the operator did not pay due attention - even the file names did not read the control, well, and finally - the absence of any control of the result before mass sending made it possible to launch a rocket with a monkey into space, providing it with a nuclear suitcase for another attempt to destroy earthlings.
Source: https://habr.com/ru/post/270587/
All Articles