cancel
Showing results for 
Search instead for 
Did you mean: 

Talk Talk Hack

Community Veteran
Posts: 1,654
Registered: 13-06-2007

Talk Talk Hack

Just breaking news this now - Talk Talk is experiencing a significant and sustained attack with the potential for 4m bank details being accessed http://www.bbc.co.uk/news/uk-34611857
turns out the attack was on Wednesday... http://m.help.talktalk.co.uk/oct22incident
171 REPLIES
Moderator
Moderator
Posts: 25,789
Thanks: 1,134
Fixes: 47
Registered: 14-04-2007

Re: Talk Talk under attack

Sounds bad for them and their customers.
Customer and Forum Moderator.
Product of the Tyrell Corporation
nanotm
Pro
Posts: 5,674
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Talk Talk under attack

never understood why when an attack is seen they don't just yank the plug to protect stuff, sure they would loose the ability to provide the service until they put it back online but it would be worth some small service disruption to secure the data, its not like this is a new phenomenon and attacks don't take long to identify when in their early stages before any breaches occur, hopefully they will get fined severely for failing to protect the data they store, maybe we can even see them shutdown operations if its big enough to bankrupt them and their dodgy business practices !
just because your paranoid doesn't mean they aren't out to get you
SpendLessTime
Aspiring Hero
Posts: 2,375
Thanks: 585
Fixes: 53
Registered: 21-09-2009

Re: Talk Talk under attack

I cannot understand why ANY website has the bank/credit details on a internet facing server.
These details should be sent on a one way trip to a secure back end data server which can never be seen from the internet facing server again. A hash with the last 4 digits of the card can be kept on the customer facing server to act as an aid memoir but nothing else. Really simple to implement, I know I've done it. Just takes a bit of common sense in the IT department and a budget to enforce physical and logical separation of the various servers in the chain.
rongtw
Seasoned Hero
Posts: 6,337
Thanks: 1,156
Fixes: 11
Registered: 01-12-2010

Re: Talk Talk under attack

This morning before i saw this thread , i started a new topic http://community.plus.net/forum/index.php/topic,145048.0.html
I would have thought that it would have had more visibility there than on Chit Chat , but had been locked in favour of the one here  Roll eyes
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
ricke17
Grafter
Posts: 412
Thanks: 5
Registered: 19-01-2015

Re: Talk Talk under attack

Let's just hope pn and other ISP's learn from what's happened to Talk Talk.
Rick.
Fibre Broadband 80/20, Netgear D7000
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: 24-10-2013

Re: Talk Talk under attack

Quote from: rongtw
This morning before i saw this thread , i started a new topic http://community.plus.net/forum/index.php/topic,145048.0.html
I would have thought that it would have had more visibility there than on Chit Chat , but had been locked in favour of the one here  Roll eyes

the "your feedback" section is for plusnet feedback, talktalk being hacked has nothing to do with plusnet.
Quote from: ricke17
Let's just hope pn and other ISP's learn from what's happened to Talk Talk.

well plusnet are trying to copy talktalk like-for-like, so maybe a hack here is on the cards too Cheesy
nanotm
Pro
Posts: 5,674
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Talk Talk under attack

well its relevant to the p[n feedback section if the question is "I hope you don't do this "
we all know fine and well that there are various groups out there stealing info either to sell it on for profit or use it to buy stuff they cant afford /
just because your paranoid doesn't mean they aren't out to get you
rongtw
Seasoned Hero
Posts: 6,337
Thanks: 1,156
Fixes: 11
Registered: 01-12-2010

Re: Talk Talk under attack

Nantom exactly what i thought , PN customers would obviously like to hear from PN that they are taking steps to avoid a similar problem.
But as most will not visit chit chat it will be somewhat hidden  Lips are sealed
or at least PN should be telling customers not to worry , because there will be some who will Be ! 
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Plusnet Help Team
Plusnet Help Team
Posts: 12,751
Thanks: 106
Fixes: 32
Registered: 27-04-2007

Re: Talk Talk under attack

Quote
or at least PN should be telling customers not to worry , because there will be some who will Be !

Hi all,
The reality we need to face here is that such threats are now a growing risk for each and every company with a strong online presence. The incident involving Talk Talk definitely shows that even larger companies are not immune to such things happening.
We utilise a combination of different security mechanisms to defend us and our customer data against this kind of incident. Not only this but we do also work closely within the wider BT Group to ensure we’ve covered by their additional security countermeasures.
On our side of things we have an in-house security team who work 24-7 to monitor our sites and systems to identify and defend against any such attacks. This team along with our dedicated incident team works closely with BT’s Security Cyber-Defence Service Operations Centre and would issue information about any such incidents as they would occur.
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
nanotm
Pro
Posts: 5,674
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Talk Talk under attack

adam
does this mean your using a different approach to storing customer data that removes the potential for a breach from the internet connected side from being able to retrieve payment and address information?
I realise that as consumers/account holders we need to be able to see some information when we log in to check our account details but for instance when I check the payment information screen all I see is a bunch of asterisks in most of the boxes, does the internet connected side of the customer database contain all the digits in a scrambled form or  does it only contain asterisks and the real info is secured on a separate database server that has no outbound connections to the internet ?
that's the sort of thing people will care about,
clearly you cant obscure the account holder information or the phone number as that is all required to be visible to the account holder which does present some risk of data loss but realistically no more than any other website or forum is likely to contain (most people freely give that and more to facebook and forget or don't know how to make it private view only)

that's the kind of reassurance people will want to hear, obviously you cant make a statement along the lines of "its all fine people your data is safe with us that kind of leak or breach cant happen to us" because invariably some hacker group will bend their will to make it happen /
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: 24-10-2013

Re: Talk Talk under attack

Quote from: nanotm
I realise that as consumers/account holders we need to be able to see some information when we log in to check our account details but for instance when I check the payment information screen all I see is a bunch of asterisks in most of the boxes, does the internet connected side of the customer database contain all the digits in a scrambled form or  does it only contain asterisks and the real info is secured on a separate database server that has no outbound connections to the internet ?

i think it's fairly obvious that commenting on such a thing would be un-wise.
you don't want to release any details about what systems you use to protect data, it just gives fodder to those that you wouldn't want to know.
nanotm
Pro
Posts: 5,674
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Talk Talk under attack

true but a reassurance that they store the data in a different way would go a long way to allying fears, of course if they don't then perhaps this can act as a wake up call so they start doing so, whilst keeping their collective fingers crossed that they don't succumb to the same problem before the transition is completed /
just because your paranoid doesn't mean they aren't out to get you
Steve
Seasoned Pro
Posts: 6,697
Thanks: 250
Registered: 13-07-2009

Re: Talk Talk under attack

Bloody great innit, been in to my Bank this morning and got read a statement that has been given to them, guy I spoke with also is with TalkTalk and he doesn't seem to worried about changing anything so I will leave things as they are and monitor my accounts.
Plusnet Help Team
Plusnet Help Team
Posts: 12,751
Thanks: 106
Fixes: 32
Registered: 27-04-2007

Re: Talk Talk under attack

Quote
true but a reassurance that they store the data in a different way

As you might imagine we can't comment on how Talk Talk do this but as data storage and security is very subjective so it will be different to how we handle such matters.
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team