Got something to say or just want fewer pesky ads? Join us... 😊

Talktalk......cyber attack

  • Thread starter Deleted member 2719
  • Start date


D

Deleted member 2719

Guest
Do you still trust the internet?



Police are investigating a "significant and sustained cyber-attack" on the TalkTalk website, the UK company says.
The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed.
TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.
The Metropolitan Police said no-one had been arrested over Wednesday's attack but enquiries were ongoing.
TalkTalk said in a statement that a criminal investigation had been launched on Thursday.
It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:
Names and addresses
Dates of birth
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details
Dido Harding, chief executive of the TalkTalk group, told BBC News its website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack.
'Crime of our generation'
The TalkTalk sales website and the "My account" services are still down but the company hopes to restore them on Friday.
Ms Harding added: "We brought down all our websites [on Wednesday] lunchtime and have spent the last 24 hours investigating with the Met Police.
"It's too early to know exactly what data has been attacked and what has been stolen.
"Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well."
Statement on TalkTalk website
Image caption
TalkTalk said the website had been taken down as soon as it had noticed "unusual activity"
It is the third cyber attack to affect TalkTalk customers over the past 12 months.
In August, the company revealed its mobile sales site had been targeted and personal data breached.
And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names.
The biggest risk is that customers' details have been stolen and criminals try to impersonate them
Dido Harding, TalkTalk group chief executive
Ms Harding said: "Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company's defences be stronger?
"I'm a customer myself of Talk Talk, I've been a victim of this attack."
Banks alerted
It is expected to take some time to contact everyone and some customers have expressed anger and frustration that they are yet to hear anything.
One customer told BBC Radio 5 live: "It's just the latest in a long line of failures... To hear about it up to 48 hours after something may have happened really isn't good enough."
Another said: "I only heard about it because I happened to turn the TV on. It is very worrying."
Hands typing on a laptopImage copyrightPA
TalkTalk urged customers to keep an eye on their accounts over the next few months and report any unusual activity to their bank and Action Fraud on 0300 123 2040.
The company said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring.
Ms Harding said: "The biggest risk is that customers' details have been stolen and criminals try to impersonate them."
'Rapid growth'
Professor Peter Sommer, an expert an cyber security, said TalkTalk's rapid growth could be to blame for the breaches.
"They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity... but that's an expensive exercise," he told the BBC.
"The quality and quantity of attacks increases all the time so it's a significant problem for many companies.
"But undoubtedly TalkTalk has had significant problems for some time and they simply had to go public now because personal data is available and the Information Commissioner is going to be hard down on them to see why they haven't performed better."
 




D

Deleted member 2719

Guest
Will NSC still be buying through the internet?

Will there be a return to shopping on high Street/retail park?
 




D

Deleted member 2719

Guest
It's probably game over for talk talk.

We can only hope, we have been with there business Broadband for a short time and it hasn't been pleasant.

But will the Cyber men worry the public into shopping back on the hight street?
 

Attachments

  • Cyber men (1).jpg
    Cyber men (1).jpg
    10.4 KB · Views: 521






Arthur

Well-known member
Jul 8, 2003
8,760
Buxted Harbour
Will NSC still be buying through the internet?

Yes

Will there be a return to shopping on high Street/retail park?

No.

It's probably game over for talk talk.

That's a bit strong I feel. They're one of the big 4 in this country that user base isn't going to vanish over night. These sort of attacks are common place in the market eBay, Apple, Sony all still there. Even Ashley Madison is still going.

That said Mr Dunstone needs to start employing some better IT security folk at his place as this isn't the first time his lot have been breached in recent times http://www.cityam.com/221901/carpho...s-customer-details-hacked?ITO=related-content
 


Gullflyinghigh

Registered User
Apr 23, 2012
4,279
Will NSC still be buying through the internet?

Will there be a return to shopping on high Street/retail park?
I can't speak for all of NSC but it won't put me off shopping online.

There have been numerous big breaches over the last few years but (from a layman's perspective) it seems like very damage is actually done as long as the impacted company has made a point of encrypting their data in the first place...if they don't...well, careless.
 


D

Deleted member 2719

Guest
I can't speak for all of NSC but it won't put me off shopping online.

There have been numerous big breaches over the last few years but (from a layman's perspective) it seems like very damage is actually done as long as the impacted company has made a point of encrypting their data in the first place...if they don't...well, careless.

So if they have customers details in particular bank details they have no need to worry???
 




Gullflyinghigh

Registered User
Apr 23, 2012
4,279
So if they have customers details in particular bank details they have no need to worry???
Oh don't get me wrong, if I were a TalkTalk customer I'd be fairly concerned about the whole thing considering that they've already said that not all data was encrypted in the first place.

I was thinking of the wider question of whether online shopping is likely to take a hit, where I suspect the answer is no.
 


D

Deleted member 2719

Guest
Oh don't get me wrong, if I were a TalkTalk customer I'd be fairly concerned about the whole thing considering that they've already said that not all data was encrypted in the first place.

I was thinking of the wider question of whether online shopping is likely to take a hit, where I suspect the answer is no.

Ah Okay, i am a talktalk customer :eek:

I have had so much poor performance from these faceless companies who make it difficult (almost impossible) to complain to when they cock up ( 3 mobile in particular) i am also thinking could this do what seems like the impossible (especially with the over 50's) take them back to the high street. I am 85% back to the hight street and dealing with people, while we are at in bring back the shilling!
 


Dave the OAP

Well-known member
Jul 5, 2003
46,761
at home
To be fair, I can relate many stories of ddos attacks emanating from the Far East and the Middle East that we catch and send to various " cleaning houses"

99% of attacks are not reported, only the ones that hit the big corporations.

There is anecdotal evidence that the young 10 year old in his bedroom ******* over his ability to bring apple down is just as capable of attacking systems that state sponsored banks of hackers trying to get into security systems. This is the new terrorism.

Be assured that the ability of these attacks to get bank details and drain your account is actually very small and it is more around flooding sites with bogus mails and huge self spawning data files that actually gum up the works and will cause a web site to " crash" as it can't process the data is has. The bank thing tends to be where they have your number and try to arrange loans on it. If the lenders are following their protocols, this would also be hit and miss and if it's fraudulent, then the banks tend to write off the debt anyway as malicious fraud.

The things we recommend is change your passwords every 30 days
Never use simple passwords....letmein...password1...brighton123...that sort of thing
Never ever give your passwords or pins to anyone who calls.
Make sure you set your computer to " clear cache"every night...including "passwords".

Apart from that, just be aware.
 




Thunder Bolt

Silly old bat
Password changed, credit card not used therefore ok, and checking the bank account daily as normal.

Look out for small amounts like £1 going from your account as with 4 million customers, that could be quite a haul.

As for the high street, a former colleague of mine went to a cashpoint on payday, and found her account had been wiped clean. It turned out that she had been shopping in TKMax a couple of months earlier who had had their rubbish stolen at the back of the store with debit/credit card transaction slips unshredded.
Fortunately the bank had it covered but her card was being used in the USA where PINs aren't needed.
 


Bozza

You can change this
Helpful Moderator
Jul 4, 2003
57,289
Back in Sussex
The things we recommend is change your passwords every 30 days
Never use simple passwords....letmein...password1...brighton123...that sort of thing
Never ever give your passwords or pins to anyone who calls.
Make sure you set your computer to " clear cache"every night...including "passwords".

It's all sound advice but in many cases, like this one - none of the above makes the slightest bit of difference. If the host system is compromised then your data is available to the miscreants. Then you just have to hope that they do use strong 1-way encryption on your password with them and that they protect card details in a PCI DSS compliant manner.
 


D

Deleted member 2719

Guest
To be fair, I can relate many stories of ddos attacks emanating from the Far East and the Middle East that we catch and send to various " cleaning houses"

99% of attacks are not reported, only the ones that hit the big corporations.

There is anecdotal evidence that the young 10 year old in his bedroom ******* over his ability to bring apple down is just as capable of attacking systems that state sponsored banks of hackers trying to get into security systems. This is the new terrorism.

Be assured that the ability of these attacks to get bank details and drain your account is actually very small and it is more around flooding sites with bogus mails and huge self spawning data files that actually gum up the works and will cause a web site to " crash" as it can't process the data is has. The bank thing tends to be where they have your number and try to arrange loans on it. If the lenders are following their protocols, this would also be hit and miss and if it's fraudulent, then the banks tend to write off the debt anyway as malicious fraud.

The things we recommend is change your passwords every 30 days
Never use simple passwords....letmein...password1...brighton123...that sort of thing
Never ever give your passwords or pins to anyone who calls.
Make sure you set your computer to " clear cache"every night...including "passwords".

Apart from that, just be aware.

This is good advice thanks, didn't know about clearing the cache so often and changing passwords every 30 days, a small knowledge is dangerous in mine and many others cases i reckon!
 




beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
36,015
So if they have customers details in particular bank details they have no need to worry???

when we had cheques you used to hand out a convenient piece of paper with you bank details on, with out much worry. your name and address are a matter of public record, on the electrol roll.

the main concerns are credit card numbers (can be used more freely) but those should be encrypted to comply with PCI standards and they has some substantial punishments for breaches. DOB is a problem as it helps ID theft, we really should stop giving them out theres very little need for most companies to have (cant think why talk talk needs it except for ID verification. then they are breached. bugger). passwords are the serious one for online because the public tend to use the same one so if compromised people can hack other serivices with the other details in hand. it should all be encrypted, but then a hacker shouldnt be able to get from website to database either.
 






Stumpy Tim

Well-known member
In the US companies have to announce any breach of personal information within 24 hours or get big fines. We don't have that here... yet. In 2016/2017 the new EU Data Protection Directive, which will force companies to announce breaches within 24 hours, and if they're found negligent they'll be fined 2% of worldwide revenue. That's a game-changer in Europe, as all member states will be forced to comply. The business case for security will be much easier.

Assuming the UK is in Europe of course
 






peterward

Well-known member
NSC Patron
Nov 11, 2009
12,275
Oh don't get me wrong, if I were a TalkTalk customer I'd be fairly concerned about the whole thing considering that they've already said that not all data was encrypted in the first place.

I was thinking of the wider question of whether online shopping is likely to take a hit, where I suspect the answer is no.

I am a talk talk broadband customer, paying by DD. guess these jihadi's have all my data. moral of story for me is no more DD. credit card recurring payments only. that way its the banks money and not mine at risk.

the alleged nutters who have my details, posted loads of email, bank and personal data as proof and ended with this

"We Have adapted To The Security measures Of The Web,, We Cannot Be Stopped. We Have Made Our Tracks Untraceable Through Onion Routing, Encrypted Chat Messages, Private Key Emails, Hacked Servers. We Will Teach our Children To Use The Web For Allah.. Your Hands Will Be Covered In Blood.. Judgement Day Is Soon
WE Are In The Soviet Russia And Near Place, Your Europe, WE control Asia, We Control AMERICA"

I'm pretty sure when ordering my tenner a month fibre i clicked that i didn't want my info shared with 3rd parties.
 


Albion and Premier League latest from Sky Sports


Top
Link Here