UKC

TalkTalk

This topic has been archived, and won't accept reply postings.
 Heike 23 Oct 2015
Can somebody explain to me in simple terms what's happening at TalkTalk and that business about bitcoins...?

http://www.bbc.co.uk/news/business-34613137

 Ardo 23 Oct 2015
In reply to Heike:
They've been hacked and customer data has highly likely been stolen, which includes bank account details.
The bitcoins stuff is because they suspect a hacking group is behind the attack and will attempt to blackmail talktalk, with the payment to be made in bitcoins (virtual currency): https://en.m.wikipedia.org/wiki/Bitcoin

What to do if you're a customer from the Grauniad:
http://www.theguardian.com/technology/2015/oct/23/talktalk-breach-what-to-d...
Post edited at 09:54
Removed User 23 Oct 2015
In reply to Heike:

It's hard to tell because whoever wrote the article clearly doesn't know what they are talking about. DDOS 'punching holes in their systems', lol.

Essentially the writer is trying to say that talktalk had security that was bypassed and the group that did it probably did so in order to steal data. The writer speculates that if that's the case they may request a payment in bitcoins in order to not release the data to the public, as other groups have done in the past. Bitcoins are a type of virtual currency that are almost untraceable by design. This poses the obvious problem that data can be copied so it'll be interesting to see if talktalk pay up. Especially if the data turns out to be unencrypted.
OP Heike 23 Oct 2015
In reply to Removed User:

I obviously understood the bit about being hacked, but otherwise this article left me somewhat perplexed! So, the guy was talking nonsense. Cheers for clearing this up.

I am one of the four million customers....btw
Removed User 23 Oct 2015
In reply to Heike:

Well if they did steal customer data and it was unencrypted it'll be sold on all the standard carder websites, so it will be in the news pretty quickly and you'll have plenty of time to invalidate your card. Personally I'd wait for talktalk's press release and then go get a new card from the bank. I did it recently because the chip came out of my card, went in on Monday afternoon and had a new card Wednesday morning.
 elsewhere 23 Oct 2015
In reply to Heike:
There are people who attack flood websites with traffic to disrupt business at peak times and extort money (untraceable bitcoin). Gambling websites are a target during big sporting events.

Alternatively the attackers may encrypt the company's data and demand bitcoin for the decryption key.

The price scales with the size of the victim.

The company may decide it is cheaper and quicker to pay up than to build a bullet proof technology (if such a thing exists).

If the victim pays up the attack stops because otherwise the next victim won't pay.

The attackers recognise the financial value of their online reputation. They should offer an incentive for good reviews from their victims!


 Ardo 23 Oct 2015
In reply to Heike:

He's not talking nonsense, (though ex0 is questioning some of the terminology used), and it appears to be a significant data breach.
This is from talktalk:
http://m.help.talktalk.co.uk/oct22incident

The BBC article you quote is from a business perspective on the reason for the attack, whilst this is a more general report:
http://www.bbc.co.uk/news/uk-34611857
 john spence 23 Oct 2015
In reply to Heike:

Ironically I had an email from talk talk today, not mentioning the hacking but telling me my monthly payments are going up to fund improvements to the service (they tell me it is the best provider!).
KevinD 23 Oct 2015
In reply to john spence:

As per the Guardian link. Be bloody careful with talk talk emails at the moment,
since it looks increasingly likely customer data has gone walkies and is liable to be used in phishing attacks.
 malk 23 Oct 2015
In reply to KevinD:
surely at least the bank data was encrypted particularly after the previous attacks?
http://www.independent.co.uk/life-style/gadgets-and-tech/news/talktalk-hack...

you can see some sample data from the jihadists who have claimed responsibility on pastebin..
OP Heike 23 Oct 2015
In reply to nrhardy:

Thanks, I read all that, was just more interested in all the detail as outlined in the business article and couldn't understand all the jargon!
OP Heike 23 Oct 2015
In reply to KevinD:

Lovely, I might have to change provider! I wouldn't have chosen talk talk in the first place, but virgin media sold us off to them!
OP Heike 23 Oct 2015
In reply to john spence:
Hahaha, that's great crisis communication!....or phishing.

To be fair, I just had a lengthy email from talk talk explaining what to do and what we should expect. Sounds like they are very worried! E.g. they are offering free credit rating checks for one year to all customers with the three biggest credit rating providers.
Post edited at 12:48
 winhill 23 Oct 2015
In reply to Heike:

This morning we had (Baroness) Dido on the Today programme being as evasive as possible, now I've an email for Tristia, telling me they know very little but they do take security seriously - is it run by a bunch of clueless posh bints from their home office/study in Islington?
 Fraser 23 Oct 2015
In reply to Heike:

> ... they are offering free credit rating checks for one year to all customers with the three biggest credit rating providers.

I think they mentioned that possibility on the news this morning. I'm with TalkTalk too but have had nothing from them yet. I must admit, I'd not even heard about the two previous security breaches!
OP Heike 23 Oct 2015
In reply to Fraser:
I hadn't heard about the two previous breaches either, but I just had a lengthy email from them just a wee while ago including the stuff on credit checks.
Post edited at 13:33
OP Heike 23 Oct 2015
In reply to winhill:

> This morning we had (Baroness) Dido on the Today programme being as evasive as possible, now I've an email for Tristia, telling me they know very little but they do take security seriously - is it run by a bunch of clueless posh bints from their home office/study in Islington?


I saw a great quote the other day "The older I get, the more I realise everyone is just winging it".

KevinD 23 Oct 2015
In reply to malk:

> surely at least the bank data was encrypted particularly after the previous attacks?

Don't think there are any answers on that yet. However it would depend on the attack used. At some point that data has to be in plain text to be used so if that's vulnerable you are buggered.
OP Heike 23 Oct 2015
In reply to Fraser:

http://www.bbc.co.uk/news/uk-34615226
Here she just said it on bbc a few minutes ago. To be fair, I think she does come across reasonably well.
 mark s 23 Oct 2015
In reply to

I'm also on Talktalk
How do we stand on cancelling contract now?
Surely the charges cannot be enforced after this.
Leaving our details open is a massive breach of contract.

 FesteringSore 23 Oct 2015
In reply to Thread:

Genuine question and sorry to look ignorant. A friend of mine is with TalkTalk. Is it safe to exchange emails with him at the moment?
 Tyler 23 Oct 2015
In reply to FesteringSore:

Yes

 Tyler 23 Oct 2015
In reply to malk:
> surely at least the bank data was encrypted particularly after the previous attacks?

It will be (unless Talk Talk have themselves gone rogue and ignored all regulatory governance in which case they will be breaking the law as well as potentially negligent) as all card data (at rest) is encrypted to meet PCI compliance
Post edited at 15:27
 winhill 23 Oct 2015
In reply to Heike:


> Here she just said it on bbc a few minutes ago. To be fair, I think she does come across reasonably well.

Do you think? I thought she sounded weak and ineffectual. Ducking and diving with the it's a crime scene line, unable to rebuild trust. Not as bad as this morning when she sounded shell-shocked and completely stunned by the whole affair. Operating well beyond her level of competence.
OP Heike 23 Oct 2015
In reply to winhill:

I thought it sounded honest. Not the usual corporate stealth bs...IMHO
 Philip 23 Oct 2015
In reply to FesteringSore:

> Genuine question and sorry to look ignorant. A friend of mine is with TalkTalk. Is it safe to exchange emails with him at the moment?

Only if you put a condom on your mouse.
Ken Lewis 23 Oct 2015
In reply to Tyler:

> It will be (unless Talk Talk have themselves gone rogue and ignored all regulatory governance in which case they will be breaking the law as well as potentially negligent) as all card data (at rest) is encrypted to meet PCI compliance

I really don't understand why any company needs to store payment card data, encrypted or not. The only people who need to store them are the banks and payment service providers.

Tokenization, within PCI DSS, provides a solution, and any company whether SME, Talk Talk or any company no matter the size, ever needs to see or store a customer's payment card details.

It boggles me that they do. Leave it to the banks.

KevinD 23 Oct 2015
In reply to Tyler:

rogue or incompetent.
Good security costs and is an easy cost cutting item when it comes to budgets (as is most IT until the shit hits the fan).
 winhill 23 Oct 2015
In reply to Heike:

> I thought it sounded honest. Not the usual corporate stealth bs...IMHO

It may have sounded honest to some but she's already been criticised by the Information Commissioner for the delay in informing them, who would have alerted the public sooner.

So definitely not acting in the best interest of customers, some of whom knew they'd been hacked before any announcement by Tristia.

It'll take months but I wonder if they'll get fined at the end of it for not responding to the earlier attacks in a more robust manner, even simple stuff like a post breach email plan to inform customers seems to be missing, if she says it could take 48 hours to let everyone know.

Didn't Dido effectively fall on her own sword?
Jim C 24 Oct 2015
In reply to Fraser:

> I must admit, I'd not even heard about the two previous security breaches!

Their view must have been lightning never strikes thrice
(until it did)
 Ardo 24 Oct 2015
In reply to Ken Lewis:

Seems only partial financial info, at most, may have been stolen, according to latest TT update:
https://help2.talktalk.co.uk/oct22incident
 Yanis Nayu 24 Oct 2015
In reply to Heike:

I like how their message went into my spam.
 DaveN 25 Oct 2015
In reply to mark s:

They were talking about this on radio 4 (probably you and yours) on Friday.

Basically they'll try to charge you, right up to the point you mention that they have breached the data protection act. Then they won't!
 Philip 25 Oct 2015
In reply to Ken Lewis:

> It boggles me that they do. Leave it to the banks.

Online and remote payment really seems quite badly designed. The "secret" number on the back of your card - read out to someone you don't know over the phone. The number of shops taking telephone orders who write down your card details and postcode in case the card machine fails.

The secured by VISA feature on some websites is an improvement, but look at how paying by Paypal works. You choose this method and the website sends a code to Paypal, Paypal does the authorisation, Paypal then sends a code back to the original website also confirming your address.

Now I know Paypal isn't infallible but the method is much more sensible. The authorisation is between you and your bank(or equivalent).

Same with direct debit set-up. Why should I have to provide my bank details, surely they should be supplying me with their bank details and an interface to my bank to confirm I want to pay them.
