TalkTalk haven’t had the best luck over the past few years. Back in 2015 they hit the headlines when it was revealed that the personal details of around 157,000 of their customers were compromised in a cyber breach. They were fined £400,000 by the Information Commissioner’s Office and told to invest heavily in more stringent cyber security.
Today it was announced that an anonymous hacker has discovered a flaw in their web system. You had one job, TalkTalk. The flaw could allow a hacker to ‘easily’ steal millions of customer login details.
The hacker approached Sky News with the information, stating that a cross-site scripting error had allowed them to take control of a talktalk.co.uk URL. They would then be able to trick any customer into accessing the spoofed site, rather than the official one, and steal personal information.
Any naughty person would be able to exploit this flaw and then target TalkTalk customers through email phishing, or by circulating the link around tech support forums or via social media channels.
TalkTalk had known about the flaw for years, as apparently it was flagged up via their bug bounty scheme in 2016. But it went unfixed. TalkTalk are said to have fixed the issue now, and say that no customer information has been compromised (at time of writing).