Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[guest]

From what I'm being told the XSS flaw was found several weeks ago and was located at video.talktalk.co.uk. Edit - in fact you'll find the details here: https://www.xssposed.org/incidents/93183/ Talktalk appear to have totally ignored the warning....

I'm told much of the TalkTalk site is (and I quote, so apologies for the language) "A {censored} mess coded by children or illiterate outsourced labour" and has multiple vulnerabilities, of which this is just the latest of many.

It would appear that the people with most to fear are some 400,000 people who recently joined TalkTalk as their credit check data (in its entirety) has been taken. This includes:

Name
DOB
Address
Tenancy Type
Years At Address
Months At Address
Home Telephone
Mobile Telephone
Email
Employer
Employment Title
Employment Location
Employers Phone
Bank
Account Number
Sort Code

I'd say that's more than enough data to ruin a lot of lives.

Time for the UK to bring in some real laws to affect negligent/incompetent CEOs. Someone within TT should be going to jail for this and we're always told the buck stops with the CEO, hence their pay so time for Dido to do some porridge I reckon.

NB - this is what I'm being told so its possible parts of it aren't true. So far it all checks out though....

[les-70]

  Much as you might expect it seems impossible to get a Noddle account.  I assume the site is simply overloaded.  It get more depressing by the minute.

[broadstairs]

  Much as you might expect it seems impossible to get a Noddle account.  I assume the site is simply overloaded.  It get more depressing by the minute.

Or possibly it is being targeted by hackers as it could have 1000's of TT customers data which could fill the gaps in the stuff they got from TT.

Stuart

[jid]

  Much as you might expect it seems impossible to get a Noddle account.  I assume the site is simply overloaded.  It get more depressing by the minute.

I can access Noddle without any problems?

[les-70]

  I can access the site but experience endless waits after the first page of the signup.

[guest]

I'm not sure I'd sign up to a US credit-checking agency* given the constraints the Patriot Act puts on US companies (ie all your data belongs to the US govt on demand).

YMMV of course....

*noddle is 100% owned by Callcredit who in turn are based in Chicago.

[vic0239]

As things are going I would withdraw enough cash for a week or so and contact the bank to re-issue new cards (new card numbers and pins) and change passwords on all internet banking etc.
You would be able to track any transactions easily as you will have gone to 'Cash Only' from a known date.
DD transactions should be safe but you will need to monitor your accounts for odd activity.

Q: Has anyone been through this and had to set up all new accounts etc ?
How good are the banks at doing all this without messing up all you DD's and other regular transfers ?

I once had my credit card compromised and it was swiftly stopped by my Bank and all fraudulent transactions refunded. The new account was set up immediately, but it took about a week to receive the new cards. Because my credit card could be used to initiate a password reset on my online banking and thus put my current account at risk, my debit cards were cancelled and reissued and my online banking credentials were removed as well. I could set these up again immediately, but the cards took about a week to come.

During the above my current account remained open, but I recently used the new switching service to move my current account and the process was seamless. Everything was transferred automatically, direct debits, standing orders, pension credits and all of my online banking payees.  I was quite impressed. 

[AArdvark]

@vic0239
Thanks, sounds like the banks are getting better. 
Useful to know.

[guest]

Sounds like Dido has "done a Ratner"

Harding said that her company was under no "legal obligation" to encrypt sensitive customer data, such as bank account details.

"It wasn't encrypted, nor are you legally required to encrypt it," she told the newspaper (Times). "We have complied with all of our legal obligations in terms of storing of financial information."

Technically she's correct - although the ICO has stated that no encryption will result in an automatic investigation and the PCI-DSS standards aren't enforced by Plod, they're enforced by Mastercard/Visa.

Anyone still want to buy TT shares?

[sorc]

Anyone still want to buy TT shares?

At the rate things are going I wonder if she'll still be in her post in a week's time.

[guest]

At the rate things are going I wonder if she'll still be in her post in a week's time.

I'm sure that whatever happens to TT/her she has a big payoff lined up, they all do

[phi2008]

It would appear that the people with most to fear are some 400,000 people who recently joined TalkTalk as their credit check data (in its entirety) has been taken. This includes:

....

Time for the UK to bring in some real laws to affect negligent/incompetent CEOs. Someone within TT should be going to jail for this and we're always told the buck stops with the CEO, hence their pay so time for Dido to do some porridge I reckon.

NB - this is what I'm being told so its possible parts of it aren't true. So far it all checks out though....

What time period does that cover? I joined TT at the beginning of December last year, am I one of the 400,000?

I agree that until prison sentences start being handed out for negligent security practices within companies, companies won't get serious about their IT. 

[loonylion]

I agree that until prison sentences start being handed out for negligent security practices within companies, companies won't get serious about their IT. 

Potential problem with that is who goes to jail? The IT people who weren't able to do the job properly, the beancounters who refused to pay for doing the job properly, or the people at the top who want max profits no matter what?

[phi2008]

What time period does that cover? I joined TT at the beginning of December last year, am I one of the 400,000?

I guess I probably am then - http://www.offta.org.uk/charts.htm ?

Potential problem with that is who goes to jail? The IT people who weren't able to do the job properly, the beancounters who refused to pay for doing the job properly, or the people at the top who want max profits no matter what?

I'm not a lawyer but it won't be the first time there will have been legal obligations for a person/body to maintain standards protecting the public/customers - no doubt something can be done.

[Weaver]

@loonylion answer: all of the above. That way you will get all the guilty parties.