TalkTalk Cyber Attacks

What has happened?

On Thursday 22nd October, TalkTalk announced it had suffered a severe cyber attack, compromising the personal details of up to four million customers.

The company first indicated that the "sustained" attack was a distributed denial of service attack (DDoS). A DDoS attack is where a website is bombarded with waves of traffic that keep the servers so busy they are unable to handle “normal” requests.

That did not seem to explain the loss of data. Later, TalkTalk revealed that there had also been a second attack hidden by the DDoS. This penetration attack is known as an SQL injection; it allows hackers to gain access to a database by entering instructions in a web form.
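
How text typed into a form can change a database query, and the standard fix, shown as an added example that is not from the original article or from TalkTalk's systems. The table, field names, account format and input value are all constructed for illustration.

```python
import re
import sqlite3

# Constructed form input: the quote characters are what matter here.
CRAFTED = "x' OR '1'='1"

def make_db():
    """In-memory table of constructed customer records (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (account TEXT, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("A100", "Alice Example", "alice@example.com"),
         ("B200", "Bob Example", "bob@example.com"),
         ("C300", "Carol Example", "carol@example.com")],
    )
    return db

def lookup_vulnerable(db, account_field):
    # The form value is pasted into the SQL text, so quote characters in it
    # are parsed as SQL syntax and can change the meaning of the WHERE clause.
    sql = ("SELECT name, email FROM customers WHERE account = '"
           + account_field + "'")
    return db.execute(sql).fetchall()

def lookup_safe(db, account_field):
    # The form value is bound as a parameter: the query text is fixed and the
    # database only ever compares the value as data.
    sql = "SELECT name, email FROM customers WHERE account = ?"
    return db.execute(sql, (account_field,)).fetchall()

def looks_like_account(account_field):
    # Defence in depth: reject input that does not match the expected format
    # (assumed here to be one capital letter followed by three digits).
    return re.fullmatch(r"[A-Z][0-9]{3}", account_field) is not None

if __name__ == "__main__":
    db = make_db()
    print("normal input, vulnerable:", lookup_vulnerable(db, "B200"))
    print("crafted input, vulnerable:", len(lookup_vulnerable(db, CRAFTED)), "rows")
    print("crafted input, safe:", lookup_safe(db, CRAFTED))
    print("crafted input passes format check:", looks_like_account(CRAFTED))
```

With the concatenated query the crafted value returns every customer row; with the bound parameter the same value matches nothing, because it is compared as a literal account number.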

By Friday, the head of TalkTalk, Dido Harding, had received a ransom email from a suspected Russian-Jihadist group demanding money to stop the attacks.

TalkTalk have said that up to four million customers' personal and banking information may have been accessed in the attack. The information that may have been compromised, not all of which was encrypted, includes:

• Names and addresses
• Dates of birth
• Email Addresses
• Telephone Numbers
• TalkTalk account information
• Credit card and bank details

UPDATE: On Monday, TalkTalk said that the attack was not as bad as they first feared and was mainly aimed at their public-facing website, not their core systems. Dido Harding has said, “The financial information they have on its own is not enough for them to access your bank account.”

Even though the hackers may not have the information required to directly access your bank accounts, this information is still useful in the right hands.

What can you do to help protect yourself?

Phishing Calls
A phishing call is when someone claiming to work for your bank, TalkTalk or another company contacts you and tries to gain additional information such as banking passwords or transaction details.
Even though the hackers who attacked TalkTalk did not gain access to enough information to access bank accounts directly, the information they may have gathered can be used to fool people into believing they are TalkTalk or, worse, your bank.
• Be aware of any telephone calls claiming to be TalkTalk or your bank, especially if they are asking you for private information.
• If in doubt, ask for a reference number and call the organisation back, making sure you use a number you know or that you have searched for online. Do NOT use any phone number provided during the call without checking it first.

Phishing Emails
Hackers can send very convincing emails that look like they are from TalkTalk but are really trying to get more information from you. Usually these emails contain a link that will take you to a very legitimate-looking website that asks you for login details. Do not enter them; this is the attackers trying to gain more information from you.
• The best way to avoid this is to go to the website directly or contact customer service and ask whether they sent an email.

Monitor Bank Accounts
Although this is a tiresome task to do, it is the quickest way to spot if your bank account has been accessed.
• Look through recent transactions for any payments you don’t recognise, no matter how small.
If you spot any unusual activity, contact your bank.

Changing and reusing passwords
TalkTalk is advising its customers to change their account passwords, especially if they use the same password across multiple accounts. Hackers may have harvested usernames, emails and passwords from TalkTalk, which could be used to access other accounts and services.
• Change your TalkTalk password.
• Change your email password – even if it’s not the same as TalkTalk, your mailbox is usually the place where your other accounts contact you with links to change passwords.
• Change the password on every other account that uses the same password as your TalkTalk account e.g. banks, online shopping, social media.
Security experts recommend using a different, secure password for each account. For more information, read our article on Secure Passwords.
