
    TalkTalk hacked


    1. #11
      marjohn56's Avatar

      Re: TalkTalk hacked

      Quote Originally Posted by Scubbie View Post
      Perhaps it's unfair to pick on TT in this instance, as the hackers could have targeted any other site.

      Whilst I don't know how their servers are structured, I was under the impression that card details should normally be stored on a different server to the one that the customer details are stored on.
      My point was that this is the third time in twelve months that customers' data has been stolen from TT.

      From what they are reporting on Sky news this morning, whilst I was munching my Fruit and Fibre, was that the data was NOT encrypted.

      How on earth, in this day and age, can you store customer data in un-encrypted format; even the company I work for encrypts all of our customers' details, and we are a fraction of the size of TT.

      My wife, who works for an American financial company, has to insert a USB bitlocker device into her laptop before she can use it.

      Encrypt it, it ain't rocket science!
      --------------------------------------------------------
      Artificial Intelligence is no match for Natural Stupidity.
      --------------------------------------------------------


    3. #12
      marjohn56's Avatar

      Re: TalkTalk hacked

      Quote Originally Posted by coipu View Post
      I used to find Barclays online banking system very annoying, I am glad it's the way it is now...
      I don't like the Barclays method, I prefer the HSBC one with the key generator fob, that fob stays in my study. They keep offering me an option to change to secure digital in my mobile phone, no thanks, I might leave my mobile somewhere!

      There's a fortune to be made by someone to come up with a 100% foolproof way of storing data; however that will probably never be possible with the advent of Quantum computers. I was thinking last night as I was lying in bed musing on such things that maybe a retinal scanner on every PC is the way to go.
      --------------------------------------------------------
      Artificial Intelligence is no match for Natural Stupidity.
      --------------------------------------------------------

    4. #13
      Scubbie's Avatar

      Re: TalkTalk hacked

      If indeed the data was stored without any encryption I suspect that TalkTalk might not be able to recover from this attack.

      Ahh... Before I clicked 'Post reply' I looked up on the BBC news site to see the latest. It doesn't look good for TalkTalk...

      TalkTalk cyber-attack: Boss 'very sorry for security breach' - BBC News
      TalkTalk cyber-attack: Boss 'very sorry for security breach'

      The head of TalkTalk says she is "very sorry" for the frustration and worry caused to customers after a major cyber-attack on the firm on Wednesday.

      The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack.

      Chief executive Dido Harding said the company had been working through the night to try to contact all customers.

      TalkTalk said it was too early to know exactly who had been affected.

      "I'm very sorry for all the frustration, worry and concern this will inevitably be causing all of our customers," Ms Harding told BBC News.

      "We have been working through the night to make sure that we contact all of our customers and can reassure them about how they can keep their data safe."

      *****

      What should you do if you think you're at risk?


      • Report any unusual activity on your accounts to your bank and the UK's national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk
      • TalkTalk is advising customers to change their account password as soon as its website is back up and running - expected to be later on Friday - and any other accounts for which you use the same password
      • Beware of scams: TalkTalk will not call or email customers asking for bank details or for you to download software to your computer, or send emails asking for you to provide your password


      TalkTalk hack: What should I do?


      *****

      She said the company was "rushing to communicate with customers" but that it would take 36 to 48 hours to email all of them.

      In a statement, the company said that a criminal investigation had been launched on Thursday.

      The Metropolitan Police, which is investigating, said no-one had been arrested over Wednesday's attack but enquiries were ongoing.

      TalkTalk said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:


      • Names and addresses
      • Dates of birth
      • Email addresses
      • Telephone numbers
      • TalkTalk account information
      • Credit card and bank details


      In the wake of the news, the company's share price dropped by 11% in the first few hours after the London stock exchange opened at 08:00 BST, their lowest level since August 2013.

      Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks.

      He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated.

      BBC Business editor Kamal Ahmed said there was also a possibility that the attack could be an attempt to blackmail the company.

      Ms Harding said she could not comment on the possible perpetrators or motives.

      *****

      Analysis

      By Rory Cellan-Jones, BBC technology correspondent

      Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk's speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed.

      We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work.

      I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted.

      For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust.

      *****

      The TalkTalk website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack, she added.

      The sales website and the "My account" services are still down but the company hopes to restore them on Friday.

      However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months.

      Sara Jones, from East Sussex, said she found out about the breach in the news.

      "I have not received a single piece of correspondence. The level of information is lacking. And to think this is Get Safe Online Week!

      "TalkTalk's online advice is not proportionate to what has happened. Telling customers to "keep an eye on accounts" just does not cut it in terms of advice."

      Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services.

      "They may not get a payment for my next bill if they don't get this sorted," he added.

      In August, the company revealed its mobile sales site had been targeted and personal data breached.

      And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. The attacks are understood to be unrelated.

      Ms Harding said: "Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company's defences be stronger?

      "I'm a customer myself of TalkTalk, I've been a victim of this attack."

      TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts. It added that every customer would be getting a year's free credit monitoring.

      In the article above it is clear that some of the information has not been encrypted and therefore people are now vulnerable to having their ID stolen, bank accounts stripped of any funds and much worse, if that is possible.

      Sure she is "sorry" but that is not good news for anyone.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    5. #14
      marjohn56's Avatar

      Re: TalkTalk hacked

      As she said "I'm a customer myself of TalkTalk, I've been a victim of this attack."

      You would have thought she would have ensured their security was better, methinks the bottom line took precedence!
      --------------------------------------------------------
      Artificial Intelligence is no match for Natural Stupidity.
      --------------------------------------------------------

    6. #15
      Scubbie's Avatar

      Re: TalkTalk hacked

      If enough people were to leave she would be even more upset that they cut costs in the wrong places, if that is true.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    7. #16
      marjohn56's Avatar

      Re: TalkTalk hacked

      Name me one commercial organisation where the bottom line is not the be all and end all?

      However, penny pinching in the wrong place can, as you said, come back and bite you in the bum.
      --------------------------------------------------------
      Artificial Intelligence is no match for Natural Stupidity.
      --------------------------------------------------------

    8. #17
      seawright's Avatar

      Re: TalkTalk hacked

      This could be good news for Sky, as long as they make sure their own IT security house is in order.

      Most users of this forum will have seen first hand the effects of a recent DDoS attack. There isn't that much that a service provider can do to guard against it, but as with any attack (even natural disasters) they can make sure that customers' data is held securely while they are weathering the storm.

    9. #18
      bubblegun's Avatar

      Re: TalkTalk hacked

      Quote Originally Posted by Scubbie View Post
      If indeed the data was stored without any encryption I suspect that TalkTalk might not be able to recover from this attack.

      Ahh... Before I clicked 'Post reply' I looked up on the BBC news site to see the latest. It doesn't look good for TalkTalk...

      TalkTalk cyber-attack: Boss 'very sorry for security breach' - BBC News


      In the article above it is clear that some of the information has not been encrypted and therefore people are now vulnerable to having their ID stolen, bank accounts stripped of any funds and much worse, if that is possible.

      Sure she is "sorry" but that is not good news for anyone.
      There are posts on The Register where people say that encrypting the data doesn't mean anything:

      "As secure as possible != encrypted
      Encryption is not a magic, all securing operation - it doesn't mean that data retrieved from the database is automatically rendered unusable. If the data was encrypted at database server or OS level (which is fine under PCI DSS), and there was an application exploit used to extract it (say SQL injection), then the database and OS would dutifully decrypt the data for the application's use, therefore the security flaw would mean the hacker gets the decrypted data anyway.
      The focus should be on application security rather than on encryption. It is possible to encrypt database rows and columns using a key from the application server. However, again as the application server needs to encrypt/decrypt per query, a SQLi attack will probably succeed. It is possible, although very difficult in practice, to implement row encryption in a web application. Complexity is the enemy of security - keep things simple and concentrate on security testing and plugging those vulnerabilities rather than adding unnecessary encryption to stored data."


      So if this is correct then lots of other companies may be vulnerable from a small leak on their main site.
      Please note the views and recommendations in my posts are my own and in no way reflect the views of Sky
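
The point made in the quoted Register comment, as an added example that is not part of the thread: the card column is stored encrypted, yet a query built by string concatenation still returns every decrypted row, while the parameterized form does not. The table, the `dec` SQL function, the key, the sample rows and the toy keystream cipher are all constructed for illustration.

```python
import hashlib
import sqlite3

KEY = b"constructed-demo-key"  # assumption: key held only by the application
ROWS = [("A100", "Alice", "4000-0000-0000-0001"),  # constructed sample data
        ("A200", "Bob", "4000-0000-0000-0002")]


def _xor(data: bytes, nonce: str) -> bytes:
    # Toy SHA-256 keystream standing in for a real cipher such as AES-GCM.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = KEY + nonce.encode() + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def decrypt(blob: bytes, account: str) -> str:
    return _xor(blob, account).decode()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Decryption is available to every query the application sends.
    conn.create_function("dec", 2, decrypt)
    conn.execute("CREATE TABLE customers (account TEXT, name TEXT, card BLOB)")
    for account, name, card in ROWS:
        conn.execute("INSERT INTO customers VALUES (?, ?, ?)",
                     (account, name, _xor(card.encode(), account)))
    return conn


def stored_cards_are_ciphertext(conn) -> bool:
    stored = [row[0] for row in conn.execute("SELECT card FROM customers")]
    return all(blob != card.encode() for blob, (_, _, card) in zip(stored, ROWS))


def lookup_concatenated(conn, account: str):
    # Weak: the input is spliced into the SQL text and parsed as SQL.
    sql = ("SELECT name, dec(card, account) FROM customers "
           "WHERE account = '" + account + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, account: str):
    # Hardened: the input is bound as a value and never parsed as SQL.
    sql = "SELECT name, dec(card, account) FROM customers WHERE account = ?"
    return conn.execute(sql, (account,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that alters the WHERE clause
    print(stored_cards_are_ciphertext(db))
    print(lookup_concatenated(db, crafted))
    print(lookup_parameterized(db, crafted))
```

Encryption at rest here only protects someone who obtains the raw table; the fix for the leak is the bound parameter, not the cipher.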

    10. #19
      Scubbie's Avatar

      Re: TalkTalk hacked

      Every aspect of this attack will have ramifications for a lot of companies across the UK and many other countries too.

      Ideally someone should be tasked with producing a report on this attack so that others can learn from the mistakes. I doubt if this would ever be made public though.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    11. #20
      lettice's Avatar

      Re: TalkTalk hacked

      What really made me laugh having just seen a report of talk talk on sky news, they went to an ad break and an advert for Talk Talk!
      Also, was strange to hear the US news channels report the Talk Talk hack as; 'British telecom Talk Talk has been hacked'. I had to rewind and take a second take on it LOL!