The TalkTalk Hack: What You Need to Know

This article was submitted by Cassie Phillips from SecureThoughts, an online security information portal.

TalkTalk, one of the largest providers of broadband and phone service in the UK, has recently admitted to being the victim of a large cyberattack. For those in the United States or in another country where TalkTalk’s influence isn’t as widespread, it could be considered on the same level as a Verizon or an AT&T data breach.

The First Signs

The company recently released a statement telling its millions of customers that there was a “significant and sustained cyber attack on our website yesterday” (as of 10/22/2015), and that an investigation was therefore being launched to find the culprits. In the same statement, the company warned that the data stolen from consumers could have included addresses, names, dates of birth, account information, and financial information. The rest of the statement mostly consisted of instructions for customers on how to better protect themselves from the results of the cyber attack. Compared to other statements in similar situations, the language appeared to be immediate and worried, showcasing the lack of control TalkTalk had over the situation.

Hackers and other cybercriminals have used a lot less information to steal identities, and now an unknown quantity of the information is likely available on online black markets dedicated to the trading of information as a commodity. In the worst-case scenario, there would be a strong likelihood that even months down the road victims will be feeling the ripples from this massive cyber attack.

After the First Update

Fortunately, TalkTalk released another statement stating that “This cyber attack was on our website, not our core systems,” meaning that much of the information that could be directly used for identity theft was not fully available to the hackers.

Yet the average TalkTalk customer remained endangered, as the information that was available could still be used in the aid of cyber attacks. Many will find disturbing the fact that their address is available to the highest bidder. The sheer volume of this information means that the culprits will be making a profit on their time and effort if they manage to sell it.

It should be noted that the culprits of these types of attacks rarely use the stolen data themselves but sell it to syndicates and fraudsters. Similar processes occur when hackers throw a figurative dragnet over public networks hoping to intercept the information of people not using a VPN.

Later we learned more about the specific data involved, which you can read about here. It wasn’t nearly as bad, but it was still much worse than it needed to be.

Teenagers? Yes, Teenagers.

Fortunately for all of those involved, there have been multiple arrests in connection with the attack. As of the time of this writing, two teenage boys have been arrested and questioned about the attacks, and they have both currently been released on bail. We are still waiting to hear more about the teenagers and their exact involvement in the attacks, but it is setting the media alight with speculation about the security of TalkTalk. If a few teenagers can play an instrumental role in infiltrating one of the largest telecommunications companies in the UK, what else is possible?

The identities of the alleged culprits have both shocked and frightened consumers, although professionals aren’t too surprised (but they aren’t concerned). Unless the teenagers are exceptionally gifted (which is always a possibility), this is a demonstration of the ability of people to find hacking tools and scripts online, and hackers are too often more than willing to share (having hidden malware or other code beneficial to the creator inside the program). We cannot expect this to be the last attack of this nature.

What Could Have Been Done?

In the security community, most of the response has been critical of TalkTalk’s efforts to protect their information inside their servers. Andy Heather, VP of HP Security, comments on the subject that "If data is left unprotected, it's not a matter of 'if' it will be compromised, it's a matter of ‘when.’" Many of the other professional quotes are along the same lines, and there is a clear call to action regarding security protocols in large corporations.

In many cases, the data stolen could have been encrypted inside the servers of TalkTalk, yet for some reason this was not the case. If negligence is shown, this could mean a hefty lawsuit costing TalkTalk a great deal of money on top of the lost goodwill and customers. Who was making the calls regarding security? Could this have been prevented? What changes will be implemented in the future to prevent this kind of situation?

Image courtesy of Maurizio Pesce under CC BY 2.0

Do You Think You Might Be Affected?

If you are a TalkTalk customer who might have been affected by the hack, it is advised that you change your password and any other security identification information that you can. You should note that TalkTalk will never ask you for your full password or bank information unless it is through a pre-arranged appointment. If you are ever suspicious, you should always err on the side of caution. Do not download software or click on links allegedly from TalkTalk that you fear might not be safe. Again, err on the side of caution. You may wish to visit TalkTalk’s website set up in response to this crisis.

This entire situation only shows consumers that cybersecurity is a complex issue that not even the industry giants have locked down. Alternatively and perhaps more disturbingly, it could show that the industry giants will put profit ahead of protecting their customers. Either way, the relationship between broadband giants and consumers is broken, and consumers feel the increasing need to take security into their own hands.

About SecureThoughts: Secure Thoughts is the leading technology security information portal on the web. We’ve helped major players in the tech industry, such as Google, Microsoft, and Apple, ensure their technology is safe and their users are protected.
