
Talk Talk Stolen Data

Cleoriff
Level 94: Supreme
  • 122352 Posts
  • 824 Topics
  • 7457 Solutions

Talk Talk have admitted that some customers' accounts have been 'hacked'.

The information stolen included names, addresses, phone numbers and TalkTalk account numbers. The company was confident that no sensitive or payment data went astray in the hack.

The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014. 'Only a few thousand accounts were affected'!!

It made interesting reading to see Talk Talk admitting that the attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.

http://www.bbc.com/news/technology-31656613

I am no expert....but does this ring warning bells with anyone? :-(

Veritas Numquam Perit

Message 1 of 51
3,075 Views
50 REPLIES 50

Anonymous
Not applicable

@anticipated

 

Sorry, but I don't really understand what you're saying.

 

I think I dumbed down the http HEAD example, (which was just a trivial thing off the top of my head), to gutter level when I said that anybody could search for it on Google, and discover websites that let you check up on what other sites are running.

 

Are you seriously telling me it's beyond the average man in the street to do a Google search, then put his bank's/retailer's/charity's website into a dialogue box and click OK?  When it comes back and says something like "that site runs Apache 0.9", you can search Google for "Apache 0.9", and what people in the industry are saying.  Based on that, you can maybe draw your own conclusions on the level of techno-awareness the organisation has.

 

Sorry, but I like to give people the opportunity to do their own research, and I don't think that's inappropriate.

 

Regarding your second comment, I am completely confused.  Stuxnet, and the OpenSSL exploit, (I assume you are referring to 'heartbleed'), are two completely different extremes.  In a nutshell, Stuxnet was a highly specialised and targeted attack against a very specific target.  The OpenSSL exploit was, on the face of it, a programming error that went undetected, (there are some conspiracy theories about that, which I can't discount).  What those have to do with my expectation that companies handling personal data can be reasonably expected to employ good IT professionals, I don't know.  For reference, fixing the OpenSSL exploit was fairly trivial for anyone even reasonably skilled in IT, although it was tedious for various reasons.

 

Your comment that you are an advocate of privacy but not naive to believe that people won't cut corners, just demonstrates what I am trying to tell people.  STOP allowing corner-cutting in IT to be so socially acceptable!

 

Would you accept an electrician who replaced all the fuses in your house with wires?  Even though everything appeared to be working?  Is that socially acceptable?

 

As for dumbing down the terminology, I have only mentioned two technical terms relevant to the discussion.  You have brought up php, perl, GET and POST requests, stuxnet and OpenSSL, none of which appear remotely related to the issue at hand.

 

I'm afraid I don't really understand what point you're trying to make.

Message 31 of 51
722 Views
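
The HEAD lookup described in the post above, turned round for checking what your own site's response headers disclose. This is an added example, not part of the thread; the two sample responses are constructed and the function names are hypothetical.

```python
import re

# Response headers that commonly carry a software name and version.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)(?:/(\d[\w.+-]*))?")

# Constructed sample responses to a HEAD request (not captured from any real site).
SAMPLE_VERBOSE = ("HTTP/1.1 200 OK\r\n"
                  "Date: Mon, 02 Mar 2015 10:00:00 GMT\r\n"
                  "Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f\r\n"
                  "X-Powered-By: PHP/7.4.3\r\n"
                  "Content-Type: text/html\r\n\r\n")
SAMPLE_MINIMAL = ("HTTP/1.1 200 OK\r\n"
                  "Server: nginx\r\n"
                  "Content-Type: text/html\r\n\r\n")

def parse_head_response(raw):
    """Split a raw HTTP response into (status code, {lowercased header: [values]})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def disclosed_software(headers):
    """Return (header, product, version or None) for every banner token."""
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            value = re.sub(r"\([^)]*\)", " ", value)  # drop comments like "(Ubuntu)"
            for token in value.split():
                match = PRODUCT.fullmatch(token)
                if match:
                    findings.append((name, match.group(1), match.group(2)))
    return findings

def versions_exposed(findings):
    """Keep only findings that reveal a version string."""
    return [f for f in findings if f[2] is not None]

if __name__ == "__main__":
    for label, raw in (("verbose", SAMPLE_VERBOSE), ("minimal", SAMPLE_MINIMAL)):
        status, headers = parse_head_response(raw)
        # Banners are self-reported, so a missing version says nothing about patch level.
        print(label, status, versions_exposed(disclosed_software(headers)))
```

The verbose sample reports three versioned components; the minimal one reports only a product name, which is what a server configured to suppress version tokens returns.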

anticpated
Level 30: Meditator
  • 3412 Posts
  • 164 Topics
  • 53 Solutions

Yes, bringing up development languages and those security breaches is not really related to your original point and I'm sorry for meandering. 

 

I found that Facebook is a big harvester of data and removed my account as much as possible. And these cold calls you get from foreign call centres don't help matters either. Recently I was advised to remove myself from the Open Register as this is often a way for companies to obtain information cheaply.

 

OK back on topic....

 

I would love to think that my information was 99.99% safe however 98.3% isn't too much of a compromise.

 

Talk Mobile/Talk Talk as far as I can tell are a cheap company from a consumer point of view administered from a call centre in New Delhi. Being as I am not a fan of call centres I avoid them like the plague although the woman from Netflix was nice and pleasant.

 

Even if everyone looked up the information on Google, what good is it going to do if the companies at hand are following the OFCOM regulations to the letter (or at least appearing to)?

 

Who knows?

 

Last time I did a website I ran a phpinfo() command for a server dump although I can't remember the Apache version. Maybe I still have the file on my laptop.

 

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 32 of 51
715 Views

Anonymous
Not applicable

Something that I'd like to point out is that there is often no technical or legal obligation to give ACCURATE personal details out.

 

For example, my mother's maiden name can be anything I want it to be on a website form.  "Fred" was an entertaining choice once.

 

Whenever a helpdesk insists on a contact number to call me back on if the line drops, when I just want some general information, they're given 020 7946 0439.

 

Postcode?  Use the company's own one.  They rarely think to block that.

 

First school attended?  First car owned?  Come on!  Use your imagination!

Message 33 of 51
700 Views

anticpated

I've got to be honest, unless I actually telephone any call centre I don't give any information out.

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 34 of 51
696 Views

anticpated

Maybe I'll give you a call and try to sell you a rusty tap from a well-loved kitchen sink then....

LOL
Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 35 of 51
696 Views

Cleoriff

Amazing how far this thread has come if honest. Who knew what would happen when I shared the info about Talk Talk and their 'stolen data'?....

Most of it has gone flying over the top of my head.... as it's far too technical for me......

Someone once said 'you can confuse a dumb ass with jargon'....I forget the rest of what was said...but I am sure you get the gist.

Anyway I refuse to be intimidated by it all....I shall plod on keeping myself and my data as safe as possible LOL

Veritas Numquam Perit

Message 36 of 51
694 Views

Cleoriff

NB: I edited the above post as it initially showed I had used a swear word....(which I definitely did NOT) ;-)

Veritas Numquam Perit

Message 37 of 51
691 Views

Anonymous
Not applicable

@Cleoriff wrote:

NB: I edited the above post as it initially showed I had used a swear word....(which I definitely did NOT) ;-)


That's really annoying when the system automatically censors an innocent word :-D

Message 38 of 51
687 Views

Anonymous
Not applicable

I hope the technical discussion hasn't distracted too much from the point I was trying to make, which was basically that it is NOT unreasonable to expect companies who process your private info electronically, to keep it private.

 

It might all seem highly technical and beyond the average person in the street, but honestly, to anyone skilled in the art, it should be all in a day's work.

 

There seems to be a growing belief that computers and the internet are some kind of growing monster that we don't have any control over, (oh no, I've just got the music from "The Blob" in my head now!), but it's NOT true!

 

It's being used as an excuse for corporate laziness, cost cutting, and lack of responsibility.  To blame that on "hackers", really insults the people who WANT to do a good job with IT, and who are prevented from doing it by a lack of desire from management and directors, simply because it's easier to apologise afterwards.

Message 39 of 51
687 Views

Anonymous
Not applicable

@Anonymous wrote:

I hope the technical discussion hasn't distracted too much from the point I was trying to make, which was basically that it is NOT unreasonable to expect companies who process your private info electronically, to keep it private.

 

It might all seem highly technical and beyond the average person in the street, but honestly, to anyone skilled in the art, it should be all in a day's work.

 

There seems to be a growing belief that computers and the internet are some kind of growing monster that we don't have any control over, (oh no, I've just got the music from "The Blob" in my head now!), but it's NOT true!

 

It's being used as an excuse for corporate laziness, cost cutting, and lack of responsibility.  To blame that on "hackers", really insults the people who WANT to do a good job with IT, and who are prevented from doing it by a lack of desire from management and directors, simply because it's easier to apologise afterwards.


I think you made the main point most effectively @Anonymous in what has been a most interesting topic.  What I am not entirely clear about is what customers/users like me can actually do about it in our everyday interactions with the digital world, apart from withdrawing our custom from "guilty" companies.  Of course we can ensure we have some anti-virus/malware/firewall precautions in place, but how do we know we can trust them?   Most businesses will have a paragraph somewhere on their websites informing us that they take our data security and privacy seriously etc. but how do we check that out?

When Norton shows me "This page is safe" does that tell me anything about how good the originating company might be in safeguarding my personal information? 

 

 

Message 40 of 51
636 Views