
“unhackable” T-mobile Austria stores database credentials to in their GitHub - DyslexicAtheist
https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fwww.golem.de%2Fnews%2Ft-mobile-oesterreich-klartextpasswoerter-und-amazing-security-bei-t-mobile-at-1804-133713.html&edit-text=
======
DyslexicAtheist
original article is in German: [https://www.golem.de/news/t-mobile-
oesterreich-klartextpassw...](https://www.golem.de/news/t-mobile-oesterreich-
klartextpasswoerter-und-amazing-security-bei-t-mobile-at-1804-133713.html)

The original thread has interesting lessons in how not to engage with angry
customers on social media. I've seen such attitude more often in
Austrian/German companies since if you do this in the US it often costs you
the job. In Germany they often joke about "Servicewüste Deutschland" which
translates to service-desert Germany (e.g. German-speaking countries consumers
know their service is usually terrible compared to other places).

The statement from Käthe is even more surreal considering the latest news
linked above.

Funny that if you're at the heart of a security PR disaster you almost
certainly find yourself at the receiving end of a free penetration test
conducted by the public. (... so maybe it was all planned and they just didn't
want to spend any money on security, LOL.)

T-mobile is not an isolated cases in the mobile operator space! Sadly
customers don't know until it accidentally ends up being in the news ... What
makes it especially outrageous (e.g. that mobile operators neglecting security
is a bigger deal than e.g. Aldi website), because the operator who provides
the "the last mile" to the consumer for going online. So they enjoy more trust
than other sites.

elecom operators have in general by far worse security (and engineering)
knowhow than xyz random website. Hell, most crappy wordpress blogs have better
security than what VF/T-Mobile & Co serves their customers (and being better
is not even hard). Consumers think the Telecom operatos have very good
knowledge/experience to secure customer data. But they don't. They are just
integrating 3rd party products and so assume they don't need much specialist
know-how. Looks like they're only just waking up to reality.

The case w/ @TMobile shows nicely how firms often think they're "the best" \-
which is very easy when one doesn't have the ability to judge their own
competence/weakness. Classic #ImposterSyndrome.

I don't think blame should go to the social media team (although they are in
need of urgent training) but blame should go to the company's mismanagement of
their technology and fraudulent claims they make to their customers. Heads
should roll IMHO, but certainly not in the lower ranks.

