From what I'm being told the XSS flaw was found several weeks ago and was located at video.talktalk.co.uk. Edit - in fact you'll find the details here:
https://www.xssposed.org/incidents/93183/ TalkTalk appear to have totally ignored the warning....
I'm told much of the TalkTalk site is (and I quote, so apologies for the language) "A {censored} mess coded by children or illiterate outsourced labour" and has multiple vulnerabilities, of which this is just the latest of many.
It would appear that the people with most to fear are some 400,000 people who recently joined TalkTalk as their credit check data (in its entirety) has been taken. This includes:
Name
DOB
Address
Tenancy Type
Years At Address
Months At Address
Home Telephone
Mobile Telephone
Email
Employer
Employment Title
Employment Location
Employers Phone
Bank
Account Number
Sort Code
I'd say that's more than enough data to ruin a lot of lives.
Time for the UK to bring in some real laws to affect negligent/incompetent CEOs. Someone within TT should be going to jail for this and we're always told the buck stops with the CEO, hence their pay so time for Dido to do some porridge I reckon.
NB - this is what I'm being told so it's possible parts of it aren't true. So far it all checks out though....