TalkTalk website hit by cyber-attack

poppy10_2

Goldiegirl wrote: »

We need to remember that Talk Talk have been the victim of a crime. Do you normally blame the victim of the crime? Or the criminal?

If your doctor keeps the case notes for you and your family in his car and then leaves it with the door wide open, do you blame him, or see him as a victim?

Companies collecting sensitive user data have a legal and ethical duty to protect that data. Anyone can be hacked, but it's absolutely criminal of TalkTalk not to have encrypted the most sensitive data such as bank/credit card details. Even in the large scale attacks that have been reported over the last couple of years, in most cases the hackers just got away with names and email addresses - banking info is always encrypted. It is beyond belief that a tech company thought they could get away with not protecting their users data.

Talktalk have always been scammers though. I left them years ago but they continued taking money out of my bank account for several months, and would never refund the money. They treat customers with contempt. With a big blow to public confidence like this, they should go out of business.

Goldiegirl

onomatopoeia99 wrote: »

Encrypted data can, in the main, be decrypted. One way encryption is possible, and passwords are routinely stored this way (you only have to check that the encrypted password stored in the database matches the encrypted version of the password just entered), but that is hopeless for things that the user might wish to see and edit, e.g. address details, or things that need to be used after being stored, e.g. card details.

If the site has been compromised to the extent that data has been stolen, then it's fair to assume that the decryption keys used on the site to read any encrypted data have also been stolen. Having the data encrypted would add nothing in the circumstance.

I visited Bletchley Park this week, and saw how the war time code breakers broke the Enigma code, which was considered unbreakable by the Germans.


I would say that, if the criminals were proficient enough to get into Talk Talk, they would also be proficient enough to have a good go at breaking any encrypted data.






But the information that Talk Talk have on me, such as my name and address (on the voters roll) and my phone number (available via directory enquiries) is in the public domain. My bank sort code and account number is on any cheque that I write out. I think the risk of a big scale criminal wading through 4 million people in order to try and set up a direct debit on my bank account is small.


I'm not complacent - I will be changing my Talk Talk password as soon as I am able, and keeping a close eye on the account that my Talk Talk direct debit is taken from.


I think the real risk is for the information to be sold on, so there could be more risk from phishing attempts.


So I am going to remain vigilant, but keep the perceived risk of loss in proportion.

Goldiegirl

poppy10 wrote: »

If your doctor keeps the case notes for you and your family in his car and then leaves it with the door wide open, do you blame him, or see him as a victim?

In this case he was reckless with my information..... but he was also a victim of a crime. Both parties are culpable.


At this point nobody really knows what Talk Talk's security arrangements were - but I doubt very much that it was an open door.


I'm not saying Talk Talk are blameless - but they have been a victim of crime.

danmck_2

I've used my card on Talk Talk's website (for speedy discounts) so went into HSBC today to ask if I should cancel my debit card.

Put me through on the in-branch phones and was told there that they are just cancelling cards of people calling in re: this. Took less than 10 minutes (and was able to get cash out first).

Oh - I have received my e-mail (just after 12 today) but it didn't really say much.

alleycat`

Ransom demand has just arrived...
(not from me i should add)

Forex_Fred

Site still down and tried to ring to pay me bill. Gave up after 15 minutes. So if I miss the bill date I will get charged by TT. I can't even get in touch to leave them.

!!!!.

Comping_Rich

The only problem for former customers of TalkTalk, is when you leave you lose access to My Account, even though you can still log into mail you can't change a password because you need to log into My Account.

So how do former TalkTalk customers change their passwords to their email.

How do I reset my email password?
If you've forgotten your email address or password you can find your address and reset the password using My Account. If you've set up recovery details for your email address, you can also use the Email password reset service to get access to your email account.

These instructions are for existing customers only – if you leave TalkTalk you'll be able to access My Account for 12 months, after which My Account will close. If you don't have access to My Account, and you've not set up any recovery details, you won't be able to manage your email address information.

Which idiot thought it a good idea to prevent former customers from being able to change the password to their email addresses? Especially when we are encouraged to change our passwords regularly!

We had a problem a few months ago, my dad is the main account holder for our broadband. We left TalkTalk 2 years ago, when BT first started offering free sport package for new and existing customers, obviously we could still access our TalkTalk emails, however earlier this year, all of a sudden my dad could not log into his email account, on his iPad he got the message saying mail setting were incorrect and to check them, we contacted TalkTalk but they were useless, from what I understand they closed a number of email addresses, it would seem one of them was my dad's, the strange thing is why close just that one email address? As my mum can still access her old TalkTalk address, I can still access mine, and my dad can access his other one which he set up for his business emails.

rachelworrall1991

I am signed up with an 18 month contract with talktalk which only started in august. since being a talktalk customer they have increased the contract monthly price and also been hacked twice. I feel so unsafe using this provider and I want to end my contract with them on the grounds of my details being breached. will I still have to pay the full contract price? I wish I never signed up with them. telling us we will get free credit checks for a year so we can monitor our credit n prevent us being a target of identity theft..due to their crappy website being hacked shouldn't we get the credit check anyway? I don't think that's a fair swop for my bank details. fuming cn anyone advise me on how I can cancel this contract without paying 16months worth of bills? thankyou for anyone who cud advise me. surely we have rights

SallyG

http://www.theguardian.com/business/2015/oct/23/talktalk-cyber-attack-customers-scam-calls-day-before-announcement

“I tried to cut the call there, but I was then subjected to threats about what might happen if I hung up, including the possibility that my computer would blow up and kill me. So I wasn’t surprised when I heard about the cyber-attack yesterday, and think it could be linked in some way.”

fermi

http://www.thisismoney.co.uk/money/news/article-3286040/TalkTalk-says-want-terminate-contract-early-considered-case-case-basis-a.html

TalkTalk could be facing a mass exodus of customers after suffering its third high-profile cyber-attack in a year this week.

A spokesman for the telecoms giant told This is Money that those who wish to terminate their contract early because of the hack will be 'considered on an individual basis.'

MSE are also asking....

https://twitter.com/stevenowottny/status/657497552489684992