
Talk Talk's website was breached - is yours secure?

Alexandra GHEORGHE

October 23, 2015


UK telecom company Talk Talk has been breached by hackers and some 4 million customers may be exposed to data theft, according to their site.

It appears the company website was hacked, and attackers accessed servers storing sensitive information. This includes names and addresses, email addresses, telephone numbers and, most importantly, credit card and bank details.

“Today (Thursday 22nd October), a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website yesterday,” Talk Talk said on its help page.

The company also said its systems were “as secure as they could be,” but somehow attackers managed to outsmart them.

What could have happened?

Everybody is asking the same question. While investigations are underway, the media is making assumptions. In case you didn’t know, here are several techniques attackers can use to knock down a website and eventually access its data servers:

Cross-site scripting attacks – they take advantage of a security loophole in a website or web application to inject malicious scripts into a site. XSS is among the most rampant web application vulnerabilities, and it provides the perfect ground to escalate attacks to more serious ones.

SQL injection – involves entering SQL code into web forms (log-in fields or into the browser address field) to access and manipulate the database behind the site, system or application. When you enter text in the username and password fields of a log-in screen, the data is typically inserted into an SQL command. This command checks the data you’ve entered against the relevant table in the database. If it matches, you’re granted access. If not, you’re knocked back out.

Denial-of-service attacks – used to overload or flood a site with requests to disrupt its operations and render it unavailable. This attack is also used in defacements and doesn’t necessarily imply that hackers gained access to data servers.
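The log-in check described under SQL injection above, as an added example that is not from the original article: the same query is built once by pasting form text into the SQL string and once with bound parameters, then run on constructed inputs. The table, the account and the function names are assumptions made for the demonstration.

```python
import hashlib
import sqlite3

# Constructed demo salt; real systems use a random salt per user.
DEMO_SALT = b"constructed-demo-salt"

def pw_hash(password):
    """Derive the stored form of a password (hex PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    # Form text is pasted into the statement, so a quote in it becomes SQL syntax.
    sql = ("SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password):
    # Placeholders pass the values separately from the statement text,
    # so they are only ever compared as data.
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, pw_hash(password))).fetchone() is not None

# Constructed inputs: a valid log-in, a wrong password, and a username
# containing SQL syntax (a closing quote followed by a comment marker).
CASES = [("alice", "correct horse"), ("alice", "wrong"), ("alice' --", "wrong")]

def run_cases():
    """Return (username, vulnerable_result, hardened_result) for each case."""
    db = make_db()
    return [(u, login_vulnerable(db, u, p), login_hardened(db, u, p)) for u, p in CASES]

if __name__ == "__main__":
    for user, vuln, hard in run_cases():
        print(f"{user!r:12} vulnerable={vuln} hardened={hard}")
```

In the third case the string-built query grants access with a wrong password because the password comparison is commented out of the statement, while the parameterized query treats the whole username as a literal value and finds no match.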

More worrisome is the fact that TalkTalk did not fully encrypt its sensitive data.

“Not all of the data was encrypted. We constantly review and update our systems to make sure they are as secure as possible,” they said.


This is the third cyber-attack to affect TalkTalk over the past 12 months.

Talk Talk customers are not left with many options. All they can do is change their account passwords and closely monitor their bank account activity for fraudulent purchases. Hackers will most likely try to take advantage of the breach by sending related phishing spam or requesting passwords or banking details via telephone.

If you’re a worried site owner, here are seven key tips to keep your platform safe:

  • Keep software up to date.
  • Create strong passwords to secure the server and website admin area.
  • Use a security certificate to secure personal information passing between the site and web server or database.
  • Implement firewalls on all endpoints, including servers and desktops.
  • Use a VPN when available.
  • Do not use public computers to access sensitive information.
  • Encrypt highly sensitive emails.
