TalkTalk Website Hit By Cyber-Attack

I heard credit cards have the first 12 digits encrypted with TT so I expect that is fairly safe as long as they haven't used <128bit encryption with that data - I imagine PCI compliance would stipulate a pretty high level of encryption for that.
 
Well, I guess at least they're being honest straight away and warning people that they might have been compromised.
 
My head hurts thinking about how many mistakes were made for this to be possible.

Ever thought that the hackers' methods are becoming more sophisticated?

Also how can Anonymous hack various websites and be applauded but when someone else does it it's somehow frowned upon? Principles are the same, they do something illegal to obtain / access information that they shouldn't. :confused:
 
Yeah they have to say there is a "chance" because their servers/database have been compromised.

The likelihood that the attackers have managed to extract credit card information would be relatively low, and I highly doubt that, if there was in fact credit card information stored, it would be in plain view to see; it will definitely be hashed/encrypted. If the encryption was not a common one like MD5 etc, then the algorithm would need to be found out and cracked anyway.

Not saying there isn't a chance though but I doubt anyone needs to worry about their financial information. The days are mostly gone where webshops keep CC info stored on their databases for reasons such as this, especially a big company such as TalkTalk.

We'll see!
lol, u wot m8?

Why would they want to hash a credit card? A credit card would be a recoverable piece of information, i.e. they would want to un-encrypt it to use to make payments, if that information was there. If they didn't need to do that, then yeah, a hash of it would be fine, but then you wouldn't be able to show that info that they have on file for a customer, via the customer portal, i.e. you log in to your account, and you can see where they are taking money from. Either way... MD5 LOL, no one would make that mistake... it's the worst way to hash something. They would be using SHA512 at least.
 
I didn't mean specifically the CC info to be hashed, I meant encrypted; I was referring to other information as hashed. I should have worded it differently instead of hashed/encrypted.
 
So they are sending us emails about this then...no doubt to our TalkTalk webmail which I haven't been able to access for the last few days (now know why). I was trying to see how much I pay a month as I am about to leave TT due to superfast BB now being available in my area. There is an option on an old email I have off them, to download their app, which will let me read my mails.....but the link goes to their page....which is unavailable.... :rolleyes:
 
Well...I just signed up to these on Tuesday for their Fibre package moving away from Sky.

Think I will still keep with them, wonder if I could haggle some compensation or further discounts?

I don't think there is any chance of going back to Sky and ask them to match! :D
 
To be fair it only affected people who use the same password everywhere or simple passwords. Depends if they got the passwords in plain text or what. It's likely they just got name and address and some form of encrypted password. My mom is TalkTalk but set her up with KeePass 6 months ago when she was hacked last time.
 
Speaking of cyber attacks, Overclockers UK suffered DDoS attacks over the past few days it seems, as with other tech sites. Have they said anything on here about it?
 
No, but if you know who was behind it, tell **** and they will give you £15,000 :rolleyes:

Competitors are starred for a reason;)
 
DDoS is slightly different to a hack that breaches servers to obtain information.

I'm a TalkTalk customer, and have never had an issue with them. Finding out this morning via WhatsApp though was a bit crap.

I can't even remember my login details for the website as I never use it.
 
My brother and I have just been discussing this after he asked me what he could do to safeguard himself in the light of having all this data potentially seized.

I said "not a lot" save for changing your bank account to make the details they have invalid, as it's not like you're going to change your name, move house or magically change your DoB.

Which led us on to thinking that there needs to be a radical overhaul in the way that bank details are used/stored. Either banks need to make account numbers changeable, or, more reasonably, the old sort code/account number/credit card number systems of old and current need to go. In their place, something like a known public identifier such as email address a la PayPal needs to be instated. That way it doesn't matter if your details are compromised, you just change email address for banking.

Most people have got 2FA to get access to their accounts already, extend that to the instatement of payment option on service providers and retailers (like Verified for Visa, but amped up) and you've already gone a long way to securing things.
 
People need to be more worried. They posted a snippet on pastebin and they actually clipped out cc number so that is worrying overall for anyone.

It looks like they basically dumped the entire site's database.
 