Talktalk Phone and Broadband Provider Hit By Cyber-attack, Personal Information And Banking Details
25 replies, posted
[quote=BBC]Police are investigating a "significant and sustained cyber-attack" on the TalkTalk website, the UK company says.
The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed.
TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.
The Metropolitan Police said no-one had been arrested over Wednesday's attack but enquiries were ongoing.
TalkTalk said in a statement that a criminal investigation had been launched on Thursday.
It said there was a chance that some of the following customer data had been accessed:
Names and addresses
Dates of birth
Email addresses
Telephone numbers
TalkTalk account information
Credit card and bank details
Dido Harding, chief executive of the TalkTalk group, told BBC News its website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack.
'Crime of our generation'
The TalkTalk sales website and the "My account" services are still down but the company hopes to restore them on Friday.
Ms Harding added: "We brought down all our websites [on Wednesday] lunchtime and have spent the last 24 hours investigating with the Met Police.
"It's too early to know exactly what data has been attacked and what has been stolen.
"Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well."[/quote]
Source: [url]http://www.bbc.co.uk/news/uk-34611857[/url]
I'm pissed right now. My broadband which I use comes from Talktalk and it has gotten worse over the past 2 months anyway, having this sort of grief on my hands is just the icing on the cake.
My grandmother received a scam call and fell for it because they knew her name and account number and such. I assume this is how they knew. She would have lost £1800 if it wasn't for a bank worker raising the alarm.
Tough luck Brits, I hope none of you get hit too hard by this.
Credit card numbers in plain text
What the FUCK are you doing, people.
[QUOTE=Radical_ed;48963062]Credit card numbers in plain text
What the FUCK are you doing, people.[/QUOTE]
'Saving money'.
[QUOTE=Radical_ed;48963062]Credit card numbers in plain text
What the FUCK are you doing, people.[/QUOTE]
It should be illegal
[QUOTE=Radical_ed;48963062]Credit card numbers in plain text
What the FUCK are you doing, people.[/QUOTE]
Honestly, TalkTalk are utterly useless.
The company I currently work for TRIED getting their broadband for a new 8 person office through TT. 2 months and 2 CEO Office level complaints later, they are still without internet and we cannot move them to a new ISP because our line is 'stuck' on TalkTalks provision system.
Just spent past 10 minutes briefing parents on what could potentially happen.
They should be throwing the book at these clowns.
Nice, we're with TalkTalk and they're fucking awful, maybe I can use this to convince my family to change :v:
[QUOTE=itisjuly;48965354]It should be illegal[/QUOTE]
In theory it is, you could argue that not enough steps were taken to protect peoples data and is thus in breech of the data protection act.
Pretty sure to store credit card details you have to pass a bunch of regulations, which I believe includes encrypting them. This may indeed open them up to legal proceedings.
I don't know how you are all assuming the credit card details were not secured, it doesn't say that anywhere. It is unknown at the moment what was encrypted and what wasn't. They have to say that the information "may have been accessed" whether it was encrypted or not since they simply don't know what could be done with that data by whoever has it now.
Wow, and to think that I was considering switching to them. Good thing I held off.
[QUOTE=CMB Unit 01;48965678]Wow, and to think that I was considering switching to them. Good thing I held off.[/QUOTE]
Their service is shit, anyway, my parents have had nothing but grief with them, I guess this will be the thing to finally make them decide to switch to somebody else.
Do we actually have any good ISPs in the UK?
[QUOTE=Craigewan;48966253]Their service is shit, anyway, my parents have had nothing but grief with them, I guess this will be the thing to finally make them decide to switch to somebody else.
Do we actually have any good ISPs in the UK?[/QUOTE]
BT's service is good, and you get really good down/up on Infinity. Costs a boatload though, hence the consideration to switch.
I've never had a problem with them before
[IMG]http://i60.tinypic.com/rvxevc.jpg[/IMG]
We were on talk talk until about a month ago, ended up leaving because the service was abysmal, and contacting them about it just got you put through to the sales department where an Indian man would try to sell you more expensive packages until you hung up.
I hope they didn't keep our details stored anywhere after we left.
So that puts the nail in the coffin for us.. We've had tons of speed issues lately and its been awful.. Plus this, I've had it with Talktalk
So, I can't get Virgin Broadband. Is BT the next best option?
Wonderful. Fucking wonderful.
Maybe this'll convince my dad to change fucking providers.
We switched from TalkTalk to BT years ago. Thank god.
My uncle got put on TalkTalk without consent :v:
Good thing I'm on plusnet.
[QUOTE=NightmareX91;48969038]My uncle got put on TalkTalk without consent :v:
Good thing I'm on plusnet.[/QUOTE]
Plusnet aren't much better with their security. While talking to support they asked for 2 letters they specified from my password for the account for verification. Clearly they store it (or some of it) in plain text.
The same is with UCAS (at least it was a few years ago) where they gave me the password I registered with if I clicked on forgot my password. Despite me raising this to them several times as far as I'm aware they haven't fixed the problem.
We've grown to trust places to secure our information but they don't bother. Nobody bothers...
Companies now have departments to calculate if its cheaper to let the fuck up happen and pay damages or to fix the problem... The entire system is fucked and its wrong... they're fucking you because they know they can save a dollar by not encrypting shit.
I'm all for making money providing it doesn't fuck with the paying customers.
[QUOTE=Th13teen;48969185]Plusnet aren't much better with their security. While talking to support they asked for 2 letters they specified from my password for the account for verification. Clearly they store it (or some of it) in plain text.
The same is with UCAS (at least it was a few years ago) where they gave me the password I registered with if I clicked on forgot my password. Despite me raising this to them several times as far as I'm aware they haven't fixed the problem.
We've grown to trust places to secure our information but they don't bother. Nobody bothers...
Companies now have departments to calculate if its cheaper to let the fuck up happen and pay damages or to fix the problem... The entire system is fucked and its wrong... they're fucking you because they know they can save a dollar by not encrypting shit.
I'm all for making money providing it doesn't fuck with the paying customers.[/QUOTE]
Huh.
Well shit.
[QUOTE=Radical_ed;48963062]Credit card numbers in plain text
What the FUCK are you doing, people.[/QUOTE]
Breaking the law.
[QUOTE=itisjuly;48965354]It should be illegal[/QUOTE]
It is, but the laws need to be stricter and have greater fines. The law cannot protect users from lazy security practices that could expose the private keys used to encrypt the data, though. If the server or software used to encrypt data going into a database is compromised it doesn't matter, but storing shit in plain text should be flat out illegal in most western countries by now.
[url]http://www.infosecurityeurope.com/__novadocuments/21997[/url]
[QUOTE=Th13teen;48969185]Plusnet aren't much better with their security. While talking to support they asked for 2 letters they specified from my password for the account for verification. Clearly they store it (or some of it) in plain text.
The same is with UCAS (at least it was a few years ago) where they gave me the password I registered with if I clicked on forgot my password. Despite me raising this to them several times as far as I'm aware they haven't fixed the problem.
We've grown to trust places to secure our information but they don't bother. Nobody bothers...
Companies now have departments to calculate if its cheaper to let the fuck up happen and pay damages or to fix the problem... The entire system is fucked and its wrong... they're fucking you because they know they can save a dollar by not encrypting shit.
I'm all for making money providing it doesn't fuck with the paying customers.[/QUOTE]
I can confirm the UCAS shit, I ended up showing my college class my password thanks to their system for forgetting your password. A friend of mine even raised it to them, and again same reaction.
Companies that hold confidential information need to be prioritising security in their IT infrastructures, but because nothing's happened to them they think their untouchable to these risks.
If anyone is switching, go for Plusnet. Refer me and we'll get both discount.
Sorry, you need to Log In to post a reply to this thread.