Hacking away at PLDT's goodwill

Both the hackers of PLDT and the company itself should consider what they've done to get to this point

by
https://assets.rappler.com/612F469A6EA84F6BAE882D2B94A4B421/img/73685996C66A447EABD8651A6FC46D18/hacking-pldt-goodwill_73685996C66A447EABD8651A6FC46D18.jpg

On the surface, attacking PLDT’s Twitter account seems like a “cool hacker” thing to do.

Hacking PLDT's support Twitter sends a statement that the company isn’t doing it’s job, and as the hacker, you’re calling the company out for its missteps. It makes you look like a heroic antihero type going against the establishment.

Beyond that, I find a very complex series of interactions in play, in which both the perpetrator and the victim should consider what they’ve done to arrive at this point.

Beyond account hijacking

While people were apparently cheering on the defacing of the PLDT_Cares Twitter account, it should be understood that they are also victims of the hackers.

The hackers should realize that, more than simple defacement of an account, they had potential access to the details of people looking to get help from PLDT using the Twitter account – though the amount of personally identifiable information (PII) given by people to account over time may vary.

It seems possible that those customers trying to contact PLDT_Cares could now have been victims of cybercrime, even if they were pleased that PLDT got its seeming comeuppance from the hackers.

While PLDT has said there is no record of a digital exfiltration or scraping of customer data from the Twitter account, it’s also possible the hackers could have simply written the info down manually on a pen and paper, if they wanted to, as if it were a targeted attack meant to get information on a handful of people for later use.

As such, I reckon those cheering on the hackers should or wishing the hackers would take on other companies, too, should also be worried for their data falling into the wrong hands.

The main game in town

PLDT, meanwhile, should be concerned about its reputation.

As one of the few places to get internet in the country, PLDT shouldn’t have been lax with its security.

While I can respect the company’s timely response to media queries after the hacking, the fact that people were happy its support system got hacked should clue them in to the idea that their public face does not look all that great.

Aside from service issues with their internet, they seem to suffer from manpower or staffing problems that make it more difficult to get needed repairs done in a timely manner. (READ: How much time is acceptable for a telco to fix a bad connection?)

It’s also noticeable how the immediate tweeted (but now-deleted) response to recovering the PLDT_Cares account wasn’t an after-action report explaining what went wrong, but a light-hearted attempt to sweep the issue of the hacking under the rug by saying everyone gets hacked.

Honestly, I’d much rather know what went wrong, and what they’re doing specifically to make sure it doesn’t happen again, rather than some empty platitudes.

So yes, while I deplore the hackers for defacing the PLDT_Cares Twitter account, I'm, as a consumer, also concerned by the lackluster manner in which PLDT presents itself to the public and makes itself accountable after a hack. – Rappler.com