BBC News reports:
TalkTalk’s handling of a wi-fi password breach is being criticised by several cyber-security experts.
The BBC has presented the company with evidence that many of its customers’ router credentials have been hacked, putting them at risk of data theft.
The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.
But it is still advising users that there is “no need” to change their routers’ settings.
Understandably, computer security experts were astounded by TalkTalk’s seeming lack of concern over its customers’ passwords being at risk.
Keen to pour cold water on potentially negative media coverage, TalkTalk’s PR department pointed BBC News in the direction of another security expert:
A spokeswoman for TalkTalk said that customers could change their settings “if they wish” but added that she believed there was “no risk to their personal information”.
She referred the BBC to another security expert. But when questioned, he also said the company should change its advice.
Oops! This isn’t looking good for TalkTalk.
The alarm was first sounded over the weekend when security experts at Pen Test Partners uncovered that a variant of the Mirai worm was exploiting a vulnerability to force TalkTalk routers to reveal their Wi-Fi passwords.
Of course, an attacker would need to be physically close to your wireless network to then exploit the theft of your Wi-Fi password, but still… that’s not good.
And what is even worse is TalkTalk’s feeble response.
This is TalkTalk, remember, whose customers were hit by an internet outage a week ago after their routers were hijacked. TalkTalk, whose high-profile hack last year was revealed to be due to its shameful security practices and resulted in a record fine.
TalkTalk, whose CEO, Dido Harding, saw her pay almost triple to £2.8 million amidst all this omni-shambles.
It’s no wonder that some people feel exasperated at the antics of the talent show-sponsoring ISP.
Here are some instructions I found on TalkTalk’s site about how to change the wireless name and password on your TalkTalk router.
Before doing that though, I would recommend that you reset your router (this is often done by pressing a small reset button at the back with a paperclip) to force the device to download a new version of its firmware.
2 comments on “When it comes to security, TalkTalk is all talk talk…”
Had to come in and say, splendid title.
Keep up the wonderful work.
If Dido is on £2.8 million per year, clearly their series of security breaches hasn't affected their profits.
Computer security experts care about computer security, everyone else doesn't give a fig.
Until they get hit by ransomware and wonder how it happened.