TalkTalk website hit by cyber-attack

trinidadone

Hello everyone, i hope you enjoyed your extra hour in bed (except those with small children, arrrrrrrrrrr). TalkTalk have issued another update, which i thought I would share with everyone:

1:00pm - 25/10/2015 - Latest Update



The investigations by TalkTalk and the Metropolitan Police Cyber Crime Unit into the cyber attack continue. We can confirm that the latest update of our investigation is as follows:

This cyber attack was on our website not our core systems
We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789
TalkTalk My Account passwords have not been accessed
We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account
The Metropolitan Police Cyber Crime Unit criminal investigation continues
All customers should:

Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all TalkTalk customers. To sign up for Noddle and get your free credit monitoring alerts follow these steps.
Change your passwords - While TalkTalk My Account passwords have not been accessed, it would be prudent to change your TalkTalk password once this service is back up and running, and any other accounts that use the same password. We will update as soon as services are restored
Report anything suspicious - Keep an eye on your bank account and report anything unusual to your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and can be reached on 0300 123 2040 or via http://www.actionfraud.police.uk
Stay vigilant - TalkTalk will NEVER call customers and ask you to provide personal details or passwords. TalkTalk has written to all customers, but WILL NOT call customers individually. Please take all steps to check the true identity of any organisation that calls requesting for personal information. You can call us on 0800 083 2710 or 0141 230 0707.

https://help2.talktalk.co.uk/oct22incident

Peter999_2

I disagree, based on my comments previously about balancing risk.

I certainly won't be leaving them, especially as they are about to update my line from 80 meg to 1000 meg. Don't see many other ISPs offering that.

elektra

SnowTiger wrote: »

Punters are furious on TalkTalk's forums.

However, it appears the data breach may not have been as serious as initially reported.

https://help2.talktalk.co.uk/oct22incident:

The investigations by TalkTalk and the Metropolitan Police Cyber Crime Unit into the cyber attack continue. We can confirm that the latest update of our investigation is as follows:

• This cyber attack was on our website not our core systems
• We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789
• TalkTalk My Account passwords have not been accessed
• We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account
• The Metropolitan Police Cyber Crime Unit criminal investigation continues

The latest word is that only partial card details were taken and, despite what was reported earlier, passwords were not.

I guess the thieves, perhaps, only have a list of names, addresses and phone numbers. Possibly birth dates, too, however a lot of Talktalk users have said they've never given theirs to the company.

I think these data breaches are far more common than people think and wouldn't be surprised if those details weren't floating around out there already.

Yesterday, it was reported that customer's National Security numbers had been taken during the attack. Seriously??? Has anyone ever given their Internet provider their National Security number? Don't we refer to it as National Insurance number anyway?

Note they say 'this' cyber attack -no details on the other cyber attacks

Note they only talk about credit cards , not how bank account numbers are stored

It is what they don't say is more telling.

it is clear from the data on pastebin that someone has got hold of TalkTalk data which does include name,address, phone number and date of birth, sort code and bank details. Who knows if it is for all customers. The data posted is recent - e.g orders from August this year and the data looks valid -i.e pertaining to a real person.

https://forums.moneysavingexpert.com/discussion/5347558

The data is already out there so not sure I'll bother moving TalkTalk account - only just into a new contract but will talk to bank to see if maybe close and re-open a new account or see what alerts can be put on.

C_Mababejive

Jack_Griffin wrote: »

Think you are wrong there, no one in their right mind will touch this company with a bargepole.

Well i got the prices direct off the HL website.


"19th october about £3.00 a go,, to £2.39 on Friday then by close on Friday to £2.56."

So if you had bought on the low and sold on the high on friday you would have made a profit of around 7 %. I think if you had been lucky to get them for 239 or less and you hang on to them, you will bank an even greater profit.

macman

TT website still down, so I can't change MIL's password for her. We were originally told it would be up again on Friday.
In the meantime, I thought I'd sign her up for the free Noddle account, but their site is not working either, pages won't load-presumably swamped under the weight of 4 million potential new customers.
Shambles would be an understatement.

joe134

macman wrote: »

TT website still down, so I can't change MIL's password for her. We were originally told it would be up again on Friday.
In the meantime, I thought I'd sign her up for the free Noddle account, but their site is not working either, pages won't load-presumably swamped under the weight of 4 million potential new customers.
Shambles would be an understatement.

I have an A/c with Noddle, free , for ages now, and every time I try to apply the code, it still wants £20..Tried umpteen times.
Unless I'm doing something wrong,???

lupinlanspeary8

I did receive notification from Talktalk on Friday and it told me to register with Noddle for a credit check, put both my credit and debit care details in and on both Noddle told me that my card must be a new one or I haven`t registered on electoral roll, both of which are rubbish, had the same cards for years, use them regularly and I am on the electoral roll. Now I am totally panicking, is the Noddle website a scam, have I just given all my details to a scammer??? Talktalk website still down so am totally freaked out

alleycat`

Noddle has existed for a couple of years (2012 i think).

It belongs to callcredit.
--
Domain name:
noddle.co.uk

Registrant:
Callcredit Information Group Limited

Registrant type:
UK Limited Company, (Company number: 4968328)
--

It's not a scam site.
It wouldn't surprise me if the wheels have now fallen off adding potentially 4 million customers to the smaller of the credit checking agencies.

joe134

lupinlanspeary8 wrote: »

I did receive notification from Talktalk on Friday and it told me to register with Noddle for a credit check, put both my credit and debit care details in and on both Noddle told me that my card must be a new one or I haven`t registered on electoral roll, both of which are rubbish, had the same cards for years, use them regularly and I am on the electoral roll. Now I am totally panicking, is the Noddle website a scam, have I just given all my details to a scammer??? Talktalk website still down so am totally freaked out

Did you use the TT link, or Browser.?
Why TT give a link I've no idea, with the dubious info that's going round.Try using Browser,it's probably a glitch through over activity.
https://www.noddle.co.uk Type it in yourself;;;;;I've just logged in 3 times, not that busy.Still want £20, with TT231
Stuff Em.

SallyG

Read about Talk Talk here
http://www.theregister.co.uk/security/

Oct 23rd :
"Embattled telco TalkTalk, under fire for losing four million customers' data to an apparent hack, was hiring an information security officer just seven days ago.

Following TalkTalk's announcement of the data breach, which it bizarrely attributed to a Distributed Denial of Service Attack directed at its website, the company made confessed that it had been storing its customers' information in an unencrypted format.

This may have been due to some personnel shortages at the telco, with an advertisement for an information security officer going up just seven days ago.

The telecommunications company stated it was "seeking a skilled and highly experienced Information Security Officer to assist with the on-going programme of work to define, promote, achieve and maintain compliance with TalkTalk Information Security Group Policies with a view to reducing the risk of information security compromise." "