Troll Marketing: Dialog Axiata’s ‘Facebook Hack’


Customers of Dialog Axiata are rather used to receiving spam SMS. Dialog (and other fine upstanding Sri Lankan telecommunication companies) regularly flood inboxes with everything from unsolicited messages from the President to the offer of the day – Lord of the Reload, Dialog TV offers, Accident cover, you name it – and all 102,000,000,000 gods* help you if you make the mistake of subscribing to something like 077 Live. Reams have been written on this spamflood; petitions have been made in its wake.


However, it seems that Dialog has sunk to a new low. Kalinga Athulathmudalali, CTO at and founder of Techකතා, brought this to our attention after posting a set of tweets with a screenshot. Said screenshot, displayed below, shows a string of messages from Dialog, inviting the user to dial *325# for Facebook access. The last message is where ugly marketing rears its head.


Leave aside the spamflood (November 1st, November 4th and November 4th again, pushing USSD alerts to a customer who uses the Facebook app: well played, marketing team, well played): Sri Lankans have gotten used to these seemingly desperate calls-to-action, and no network is entirely free of such spam. Instead, consider the last message.

There are only three ways a mere mortal (read: someone not from Facebook itself) can know how many notifications you have: a) you’ve told them or b) you’ve given access to your Facebook account or c) they’ve hacked you. Kalinga’s not the only one to have received this message.


The gut reaction to the message, as can be seen, is to accuse Dialog of the obvious: hacking.

If this were true, Dialog Axiata, under the laws of the country and the world, would be guilty of cybercrime. They would also possibly have a very large lawsuit headed their way from Facebook, and somehow we at Readme don’t think The Future is heading there Today.

Rather, this is yet another ungainly marketing stunt: fooling people into believing that Facebook has notifications for them. This falls squarely under what the world defines as False Advertising, which is illegal in most countries. However, this being Sri Lanka, there appears to be no local law that brings this under its jurisdiction. One would suppose that Facebook or the users themselves are free to press charges, although it’s unlikely that Facebook will bother.

Instead, let us ask more pressing questions. Consider the screenshot below. Dialog requires that subscribers log in to their Facebook through *325#, exposing their login credentials. This service appears to be entirely outside the “Facebook mobile” SMS service that Facebook operates. Why is Dialog collecting Facebook accounts?

Post-article correspondence from our readers: Identical bait-and-hook tactics being used by Airtel.

Why is there no mention of this in or any of the official press? Where has the marketing team behind this been schooled, and why were they not taught fundamental ethics or crime regulations? And when will Sri Lanka get a law that prevents companies from emplyong such blatant falsehood as marketing tactics?

Food for thought.

*information of dieties courtesy of


  1. Once I used a Dialog connection which was not owned by me (corporate). The billing name and address were corporate – not my personal information. The only thing I did was adding this number to my Facebook account (to receive 2-step authentication token). “Facebook mobile” text message spam then started coming in. It was possible to find my Facebook account using that mobile number at that time – I had made it public.
    With that all put together, my best guess is, Dialog Axiata has a (fake) Facebook account which they operate using a web crawler program. Using the fake account, they can look up all the public records on Facebook. If my assumption is true, then Dialog Axiata has violated Facebook terms of service.

    I tweeted to them (just a polite question), but they never replied to my tweet.

    And finally, I am surprised to see Dialog has asked the customer to send a password to be sent over clear text. @dialoglk, are you out of mind?

  2. Thanks for writing about this. I think the worst thing is they are asking the users for their password. Too bad DialogLK does not care about user’s privacy. Etisalat also tried to do this few years ago which I wrote about here:
    Just to imagine, none of the Engineers who implemented this at Dialog/Etisalat knew about simple rules of security is pretty cringeworthy:

  3. Guys, this scenario is not true only to Dialog Mobiles. Spammers use networks even outside Sri Lanka (like Nigeria which is one of the most famous destinations for spammers) and also bulk SMS gateways provided by almost all the service providers in SL (Hutch, Lanka Bell etc).

    The truth is that many private organizations use these gateways to spam customers for which any network including Dialog doesn’t have any kind of control… This is pretty bad in other countries and worse in India – we are just getting there…

  4. As you know – under the Facebook Platform Policy, Section Protect Data – Facebook clearly states, “Don’t proxy, request or collect Facebook usernames or passwords.” We damned well made oAuth, OpenID and what not to protect people’s identities and we have shitty USSD apps stealing identities in plain day light. Shame on you Dialog and all USSD app developers.


  5. It’s just sad to see this. Also as a paid subscriber why the hell do we get Messages from Dialog about offers and shyt.. -,- It’s just sad. I once called them and told them to close it but they were said its not under their control. Also no one in the customer service ever has a clue properly what to do. THEY always have different numbers to call different hotlines and they say “This is charged” WHY THE HELL DO U CHARGE FROM YOUR OWN PEOPLE! Hotlines are suppose to be FoC…

    I have been with Dialog for a long time but that’s cos I am already used to this BS. But it’s just SAD… :@

  6. In addition to this Dialog is running a scam operation named Dialog games club which is a simple WAP site. They sent me a text message with a link to my mobile internet connection with some details. Just to check what’s that I clicked that link and because it was a WAP site I didn’t bother about that.

    When the bill came for that month, they have charged me Rs20 a day for registering for that useless service. I didn’t even get a confirmation message when I got registered. When I scolded the customer care person he said it is a feature. The link redirects to the signup service and that doesn’t require any confirmation from the user. Even they are careful not to send a text to the mobile to inform about the signup or the charges involved.

    Dialog are you that much broke?

  7. Lol Dialog, couldn’t you really come with a better way to authenticate users other than asking for their passwords in plain text? If official dialog allows this I love to make a USSD app on their IdeaMart api to collect people’s passwords! 😀 This is clearly a cyber crime plus shameful, idiotic marketing! Wonder whether Dialog marketing team were never taught of cyber crimes.


Please enter your comment!
Please enter your name here