TalkTalk Website Hit By Cyber-Attack

[FoxEye]

Looks like TalkTalk security is about as solid as their servers/network.

Seriously why are people on a tech forum even with these jokers?

I was with them because they were cheap. They've since screwed with their pricing and packages, and don't work out that cheap anymore. Currently in the process of switching to Sky, as they offered me a deal and TT wouldn't match it or even come close.

If you don't need tech support, their service was near faultless. Nearly perfect uptime, consistent speeds, reasonable FUP. For a low cost.

Is there some unwritten rule that techy people must be loaded, and all use Zen or AAISP? Some of us are/like to be cheap, you know!

 

[Mynight]

There's no such thing as safe. Everything can and will be compromised but if you're smart and give a damn about your customers you would make every effort to protect their data. If it was an APT I could forgive them as they've covered the basics but (if it is SQLi) this just screams of a company who's inept. SQLi is a script kiddy level breech which shouldn't be effective against a company of this size.

 

[ultralaser]

Every non TalkTalk customer (gods upon high horses?) giving the incredibly useful advice of leaving TalkTalk whilst confirming their god status by not being stupid enough to give them their custom back down the line.... Could you also please confirm which ISP's are safe, storing all their customers data encrypted and completely non-prone to this happening? I guess you all have access to a confirmation list of some sort that gives you all the lovely details on how they store your data and how this simply would not happen to them.... After all, that's why they are a few quid more per month than TalkTalk are, for your safety and wellbeing?!?

Virgin, BT, Sky, Zen, Vodafone, EE. They're all more expensive, confirmed OK. Just because.

I bought a Netgear router and configured all the securty myself and I didn't even barter with BT for my monthly price on super fast fibre optic. The BT peasant router was rubbish, because I heard so. I drive an Audi and don't have an overdraft..... Dave next door is on the dole and has TalkTalk, doesn't even have a password on his SSID, what a smelly bugger. No wonder his banking details got stolen, what did he expect?

In fairness this isn't Talk Talk's first ride of the pony. It's been hit a few times in the last 12 months fella. On the SOHO router stuff, erm, well that's not really the issue here, but good luck and hope you put something decent on there like ddwrt

 

[teaboy5]

Still havent been to check mine yet, But my mate who warned me this morning says the £300 he's lost has been taken by an account in Moscow.

Taken how? By using his CC information?

 

[xdcx]

Where were all these heroes of wisdom when Sony/PSN got thumped those times? Only tinkers bought a PS4 instead of a an XB1 clearly. It was inevitable that such a cheapo/horrible company stored everything plain text. Defs their own fault.

My mum has a Matalan card and she shops at Lidl. NOOOOOOOO.

 

[bradUK]

It's not been confirmed yet (and I doubt it will be unless the culprits / Talk Talk / Incident Response Team decide to share the details), but the infosec twittersphere is pretty convinced it's SQLi (or at the very least a non advanced actor) and they're usually on the money to be honest.

Heard earlier that a Talk Talk representative confirmed it was a SQL injection.

 

[ValiantUK91]

Just checked mine nothing has gone as of yet, Thinking of cancelling my contract if I can.

 

[Christmas themed thank]

If you're looking to cancel, I suggest an email to the CEO.

 

[Hagar]

Speaking to the TSB just.

If all you have lost is the ac no and sort code, the only thing that can be done to your account is to pay in money not withdraw.

If you pay TT by direct debit, you should be secure. Covered by direct debit guarantee.

If however you lodge the long card number with them (debit or credit) or pay by other than a direct debit, you could have an issue.

They still recommend you to monitor your account though and when TT is back online to change your password.

My salary went in today so I thought I had better check.

 

[Hades]

Maybe the hackers can find my customer details in there. Hell, despite being a reluctant customer of theirs for two years when they took over my ISP, Talk Talk refused to admit I was. I was stuck on a (free) 2gb line all that time as they wouldn't upgrade me and wouldn't release my line because they couldn't find my customer details. It often went down and they wouldn't fix it because apparently it wasn't their line. I spent a fortune on calls and letters to them. I only escaped them when I got the ombudsman involved.

This data breach does not surprise me in the least.

 

[NotAGolf]

I signed up with them a week or so ago so am a little disappointed by the news. Didn't realise this was the third time it's happened either!

Don't agree with the people that are saying "hurr hurr, teach you for going with them". I bet if you were to list every company you've ever given your details to at least one of them have been compromised at some point.

 

[SexyGreyFox]

Seriously why are people on a tech forum even with these jokers?

Apologies but that is a pathetic post.

I'm on EE so is that OK since you obviously know about such stuff?

 

[FloppyPoppy]

Apologies but that is a pathetic post.

I'm on EE so is that OK since you obviously know about such stuff?

Im curious about what provider he uses

 

[killsta]

Speaking to the TSB just.

If all you have lost is the ac no and sort code, the only thing that can be done to your account is to pay in money not withdraw.

If you pay TT by direct debit, you should be secure. Covered by direct debit guarantee.

If however you lodge the long card number with them (debit or credit) or pay by other than a direct debit, you could have an issue.

They still recommend you to monitor your account though and when TT is back online to change your password.

My salary went in today so I thought I had better check.

If only it were that simple. If account numbers, names, addresses, DOBs, etc have been compromised, then a lot can happen with that data if they know what they are doing.

 

[plasmahal]

Apologies but that is a pathetic post.

I'm on EE so is that OK since you obviously know about such stuff?

Dimple, don't feed the troll, they turn nasty after midnight.

 

[MrMoonX]

Only poor people go with Talk Talk.

+1

pay peanuts get monkeys

 

[SexyGreyFox]

+1

pay peanuts get monkeys

So who is the best for security?
Who can't be hacked?

 

[Wizzfizz]

The ones that use encryption?

 

[xdcx]

^^ the point of my sarcy as hell posts a page back.

 

[kitfit1]

So who is the best for security?
Who can't be hacked?

A good question and one that probably dosn't have a rock solid answer.
From everything that i have read about this over the last few days, a company that actually follows the data commission's requirements would be a good start. It's now crystal clear that TT did not encrypt customer data, we know that website passwords were not encrypted and from TT's CEO's television interviews we also know that other data wasn't as well. Yes' i know she said "we don't know yet", but a 10 second phone call to the head of IT would give her the answer. She must know there was no encryption on personal data, otherwise she wouldn't of said "we don't know". She didn't want to say, because under the data protection act TT and all company's are responsible for the safety of that data following the Data Commissioner's requirements. The most obvious and glaring requirement is for the encryption of all customers personal data. TT clearly had/has not met that requirement, so as a company is criminally liable...............................something she is not going to admit to in tv interviews.