2 replies to this topic

[paws]

Talktalk (UK based ISP and telecom provider) reports that it was attacked this Wednesday 21st Oct 2015 by a DDoS and SQL injection hack that has potentially compromised the email addresses, dates of birth, bank account details credit card details etc of approx 4 million customers.

 

Any customer receiving a telephone call that appears to be from Talktalk should tread cautiously as scammers will probably be quick to jump on the bandwagon and pretend that they are working for Talktalk and are to help you..... they may well be "sailing under false colours" so please be on your guard. to make sure that you do not become a victim.

 

It's also possible that emails will be sent out by scammers, perhaps with attachments or hyperlinks in them offering assistance, again it is not recommended to click on any links in emails, or to open attachments without the closest possible scrutiny. Customers are being advised to be on their guard against potential identity theft and to monitor carefully their credit history ratings, and bank account and credit card statement for any unusual activity. The banks and credit card companies are aware of the situation.

 

For those who use their talktalk log in passwords for other websites..... then don't delay, rectify the position immediately and change your password details for these other sites from a known clean computer. The golden rule is one password for each site and use separate passwords for each site..... there is plenty of information available on how to create and use (and remember!) different passwords....tip Don't use a word that is in any dictionary in any language.... and make full use of characters like> or $,*£+!+ etc., Upper and lower case characters also help..

 

It is not currently possible to change passwords on your talktalk account (the facility has been disabled) and the police are conducting a criminal; investigation, it is anticipated that changing the passwords will soon be enabled and talktalk will offer information as soon as possible.and advice on how this can be done.

 

It is believed that it's possible that some data that has been potentially compromised may not be encrypted.

talktalk is working with security advisers, the police and other national agencies in order to limit the scope for potential damage and safeguard their customers as far as possible.

 

The Chief Executive Officer of talktalk is said to have received a ransom demand from those who claim to be acting on behalf of the hackers.... but no further information is currently available on this.

 

This note is offered for general information and is not issued by, or on behalf of either talktalk or whatthetech

[paws]

talktalk's investigations continue but they have made the following announcement:

 

 

The number of customers affected and the amount of data potentially stolen is smaller than originally thought.
 

Our website was attacked, but our core systems weren’t and remain secure

 

On its own, none of the data that may have been accessed could be used to leave you financially worse off.

 

We don’t store unencrypted credit or debit card data on our site, so any card details which may have been   accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions.

 

No My Account passwords have been accessed.

 

No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.

 

 

I'll continue to update this thread when further information is made available

[paws]

The following update has been announced by talk talk:

 

Since the cyber attack on our website on Wednesday 21st October 2015, we have been working with the Metropolitan Police Cyber Crime Unit and world leading cyber crime and security experts, to establish what happened and to understand the extent of the data stolen during the attack.

 

Our investigation continues, but we now know the extent of the data accessed is significantly less than originally suspected.   We can now confirm that the following personal data were accessed

   • Less than 21,000 unique bank account numbers and sort codes

   • Less than 28,000 obscured credit and debit card details. As previously stated, the middle 6 digits had been removed and therefore are not usable for financial transactions e.g. 012345 xxxxxx 6789.

   • Less than 15,000 dates of birth.

   • Less than 1.2 million email addresses, names and phone numbers.   As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. As an extra precaution, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect accounts in the highly unlikely event that a criminal attempts to defraud them. We can also reassure you that no TalkTalk My Account passwords were accessed.

  Continue to keep yourself protected   Our offer of 12 months free credit monitoring alerts is still available. We would encourage you to sign up to Noddle, one of the leading credit reference agencies, using the code TT231.   Even though the scale of the attack is significantly smaller than initially suspected, we would also advise you to be vigilant, and to take all precautions possible to protect yourself from scam phone calls and emails.   We want to make customers aware that we will not call or otherwise contact you regarding this incident and ask for bank details or other financial or personal information.   TalkTalk will also NEVER:

  • Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.

  • Call customers and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.

  • Send customers emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security. Once again, we want to reassure you we are taking every precaution to keep your information safe. If you have any questions, please visit www.talktalk.co.uk/secure or call us on 0800 083 2710.

 

On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that.

 

    Yours sincerely,  

Dido Harding
Chief Executive Officer  

Comment by paws: It certainly looks like the security issue is not as far reaching as might have been thought originally, however it is still a useful reminder that folks need to take sensible precautions, and this applies to both corporate and the home user.