TalkTalk Website Hit By Cyber-Attack

So they are holding card details on their servers that are not encrypted / tokenized?

Oh dear.

Not entirely sure if the data was encrypted as they have hidden it on the pastebin.

Wonder what TalkTalk will say, as I think they are by law forced to state what has been taken.
 
TalkTalk I am with. Hardly anything in my bank anyway so easy to check!!

I see lots of various attacks going on this week. Can only get worse I imagine.
 
£27 a month for unlimited 76mb and line rental did it for me.

You have 20 days to cancel so thought why not! Always have 4G to fall back on if I need to change provider again. Yeah was the cost which drove me to them.

Ouch...

I'm paying £17.99 (inc line rental) for Virgin 50mb (soon upgrading to 75mb) and the added bonus I don't have to deal with Talk Talk...
 
3rd successful attack since Feb. You honestly couldn't make it up, this level of incompetence is simply not acceptable for such a large firm.
 
So they're saying DDoS was part of this attack/breach, so one has to wonder whether the e-tailer attacks on Monday/Tuesday are also part of this one.
 
Getting big companies to take these sorts of problems seriously is a nightmare. I do design and build for ISP networks for a living, and DDOS is always something that people want to skip paying money for; throughput and cost are the 2 main factors, and it's a nightmare trying to sell a good working DDOS solution.

I did a gig for a very large ISP, where I tried to get them to go for a much better and more scalable solution, but the response was "it's been fine for the last 8 years, it'll last another few at least", which is all fine and good... until your company name is plastered all over the news and all the website images have been replaced with my little ponies or whatever lol.
 
> Getting big companies to take these sorts of problems seriously is a nightmare. I do design and build for ISP networks for a living, and DDOS is always something that people want to skip paying money for; throughput and cost are the 2 main factors, and it's a nightmare trying to sell a good working DDOS solution.
>
> I did a gig for a very large ISP, where I tried to get them to go for a much better and more scalable solution, but the response was "it's been fine for the last 8 years, it'll last another few at least", which is all fine and good... until your company name is plastered all over the news and all the website images have been replaced with my little ponies or whatever lol.

Unfortunately a lot of large orgs have this sort of mentality throughout anything IT related. Some people still like using 10 year old outdated computers running outdated, unsupported operating systems, because apparently it "all still works", then when something goes wrong they're quick to blame IT.
 
> Unfortunately a lot of large orgs have this sort of mentality throughout anything IT related. Some people still like using 10 year old outdated computers running outdated, unsupported operating systems, because apparently it "all still works", then when something goes wrong they're quick to blame IT.

It's frustrating as hell when you're trying to help though, especially as another very large ISP (who I've done a lot of work for, and who 1/4 of the forum's members are currently sat on now) experiences around 3000-4000 DDOS attacks per month, and it's all managed, self contained and mitigated - nobody hears anything about it (and it's actually been like this for 5 years or so).

Go to another company, and use this as an example - and they all just think we're trying to sell them a bunch of crap that doesn't do anything, when in actual fact... it really does lol.
 
My brother and I have just been discussing this after he asked me what he could do to safeguard himself in the light of having all this data potentially seized.

I said "not a lot" save for changing your bank account to make the details they have invalid, as it's not like you're going to change your name, move house or magically change your DoB.

Which led us on to thinking that there needs to be a radical overhaul in the way that bank details are used/stored. Either banks need to make account numbers changeable, or, more reasonably, the old sort code/account number/credit card number systems of old and current need to go. In their place, something like a known public identifier such as an email address a la PayPal needs to be instated. That way it doesn't matter if your details are compromised, you just change email address for banking.

Most people have got 2FA to get access to their accounts already, extend that to the instatement of payment option on service providers and retailers (like Verified for Visa, but amped up) and you've already gone a long way to securing things.
That's why TalkTalk are offering up a credit watching service to all their accounts. This will at least tell you if someone is using your name and address to set up a new credit account, which is what you need to worry about. OK, your details have been taken, but it is only going to be the trouble of contacting the bank if something dodgy is happening.
 
> Getting big companies to take these sorts of problems seriously is a nightmare. I do design and build for ISP networks for a living, and DDOS is always something that people want to skip paying money for; throughput and cost are the 2 main factors, and it's a nightmare trying to sell a good working DDOS solution.
>
> I did a gig for a very large ISP, where I tried to get them to go for a much better and more scalable solution, but the response was "it's been fine for the last 8 years, it'll last another few at least", which is all fine and good... until your company name is plastered all over the news and all the website images have been replaced with my little ponies or whatever lol.

Yeah, I've experienced this... IT is unfortunately "invisible" until it goes wrong (at which point it's all the computer/IT department's fault, not the 10 year old servers/infrastructure that management have constantly refused to spend money on despite repeated warnings/requests).
 
> It's frustrating as hell when you're trying to help though, especially as another very large ISP (who I've done a lot of work for, and who 1/4 of the forum's members are currently sat on now) experiences around 3000-4000 DDOS attacks per month, and it's all managed, self contained and mitigated - nobody hears anything about it (and it's actually been like this for 5 years or so).
>
> Go to another company, and use this as an example - and they all just think we're trying to sell them a bunch of crap that doesn't do anything, when in actual fact... it really does lol.

I'm assuming you are referring to DDoS attacks against end-users/broadband/fibre customers?
How are these "mitigated" if they (the target) still go offline during the attack?

Unless you mean contained as in it only affects the target and no other customers.

[EDIT] I don't mean to sound as if I'm doubting/going against what you say if that's how it comes across!
 
I just heard on the radio that a customer's account has been relieved of a lot of money; seems the encryption they had was garbage or non-existent.
 
> I just heard on the radio that a customer's account has been relieved of a lot of money; seems the encryption they had was garbage or non-existent.

My friend who has only just signed up has had a transaction of £300 from an account number he does not recognise.

Waiting to go check mine as my app is not working.
 
The Guardian have just announced that the individual(s) behind this have sent a ransom demand to TalkTalk :eek:
 