Worked support for an electricity supplier. I was able to see a frightening amount of info about the customers. Even past ones who had moved elsewhere.

We also kept notes about each call, email, web or app chat. So if you were an asshole in the past, everyone will know going forward.

Also fuck landlords and landladies etc. More often than not, they were shitty to deal with.

Also we would often use Google Maps and Streetview to see what your house looked like. We also had pictures of the inside because the installation techs took pictures to confirm that works were completed as specified.

Alll of this was available to us for any reason, at any time with no oversight. And none of it was encrypted. There was also government websites in use up to 2020 that required internet explorer to use and had passwords as trivial as ‘Password1’.

I left that job because the pay was lousy and the stress was pretty full on. I respected a lot of people that worked there. Both higher ups and people who came after me. But fuck was there a lot of potential for bad actors or like stalkers etc to mess with your info.

I would reccomend to everyone. Please use password managers. Especially decent open source ones like Bitwarden. Take note of every piece of info that you give a company. From your phone number, address, email etc to even when you contacted them. Also try to not have your home look like an abandoned hovel on Streetview lol. Easier said than done I know. But it may affect your dealings with support people that you need help from. And lastly, please dont use Password1 as a login. Ever. Like please.

I worked for for the railroad. Nothing is fixed ever. I witnessed hundreds of code violations every day for years. Doesn’t matter if a rail car or locomotive meets code as long as it “can travel” its good to go.

When an employee inspector finds a defective rail car management determines if it will get fixed. If the supervisor “feels” like “it’s not that bad” then the rail car is “let go”.

I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.

Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren’t even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they’d contact support to complain about paying for an app that doesn’t even load and may not have for months or years at this point).

I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs… amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.

Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I’d spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be ‘a shame’ if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.

You have definitely interacted with this ecommerce platform if you shop online.

I don’t have any interesting secrets or facts from my current ex-jobs, so I’ll share an interesting fact from a buddy’s. It’s one of those companies that offers automated phone systems (and chats, nowadays) that listen to your options rather than taking number inputs.

This may no longer be the case, but these systems were not actually automated. There are entire call centers dedicated to these phone systems, whereby an operator listens to your call snippet and manually selects the next option in the phone tree, or transcribes your input.

I wouldn’t be surprised at all if advances in AI have made this whole song and dance less in need of human intervention, but once upon a time, your call wasn’t truly automated - it was federated.

The programming team that is working hard on your project is just one dude and he smells funny. The programming team you’ve met in your introductory meeting are just the two unpaid interns that will be fired or will quit within the next two months and don’t know what’s happening. We don’t do agile despite advertising it. Also your project being a priority means it’ll be slapped together from start to finish 24 hours prior to the deadline. Oh and there will be extra charges to fix anything that doesn’t work as it should.

At Disneyland, Mickey Mouse is always played by a woman, due to the small costume. So if you put your arm around him for a photo, try not to accidentally touch Mickey’s boobs.

Why is everyone here afraid to name the companies?

Unless you’re sharing something that only you would know and the company is aware that you’re the only one who knows it, there’s no way they can identify you.

Something tells me the people posting here who had “NDAs” didn’t actually have any sort of a high level clearance to important information.

An European Country stores citizens’ critical data in vulnerable databases, whose password is in HaveIBeenPwned, on a VPN whose certificates are stored in random NASs. The IT guys don’t know how encryption and certificates work and I wouldn’t be surprised if everything was in some adversary countries’ hands

I worked with people from many indian IT companies who just outright clone github repos and tell clients they developed the entire thing from scratch.

I worked for an online payment company you all know. Many eployees have access to the main DB which holds all transactions and names and everything in clear text. You could basically find out all PII (personal identification information) of any celebrity you wanted given they had anaccount. Address, phone number, credit card and all. If you knew a bit of SQL you could basically find whoever person you wanted and get purchase history and all.

Cant say I didnt use this to find stuff about my exes or various celebrities.

Back when I managed a Blockbuster Video, most stores ran at a loss thanks to theft.

The real reason most stores failed wasn’t because DVDs were going out. It was because we couldn’t stem the flow of money out the door thanks to thieves.

Health insurance company I worked for would automatically reject claims over a certain amount without reviewing them. Just to be dicks and make people have to resubmit. This was over 25 years ago, but it’s my understanding many health insurers still pull this shit. They don’t care if it’s legal or not. Enforcement is lazy and fines are cheaper than medical claims.

Obviously this is in the USA.

I worked as a pastor and professor for a global, evangelical television ministry/college. They knowingly conceal scholarship on the Bible and punish their pastors for asking any questions that undermine their most closely held traditions (including anti-evolution, mental illness is supernatural, etc.). They tell their US viewers that they can’t call themselves Christians if they don’t vote Republican, while still enjoying tax-exempt status. They use pseudohistorians to inspire Christian Nationalism over their network, and are one of the largest propaganda networks for the Religious Right. A U.S. Capitol police commander told me his men were fighting people who were wearing the network’s brand.

Office Depot sells printers at very low (or even negative) margin, and then inflates the margins on cables, paper, ink, and warranty. If you want the best deal, get the printer from OD, and everything else you need somewhere else. That $20 USB cable they sell costs them $1 and you can get the same or better online for $2.68.

The building, used by several hundred employees, had a security systems with 4-digit codes. I’ve been part of group of people who liked to work late times, and the building would lock at midnight – the box by the door would start beeping and you would need to unlock it within a minute or so, or “proper alarm” would ensue.

However, to unlock the alarm you did not need your card – all you needed to do was to enter any valid code. Guess what was the chance that, say, 1234 was someone’s valid code? Yes.

We’ve been all using some poor guy’s code 1234, and after several years, when he left the company we just guessed some other obvious code (4321) and kept using that.

By the way, after entering the code to the box by the door, it would shortly display name of the person whom the code “belonged” to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.

(By the way, I don’t work for that company anymore, and more importantly, the company does not use that building anymore, so don’t get any ideas! 🙃 )