When it comes to security, TalkTalk is all talk talk…

One wonders what needs to happen at TalkTalk for them to start caring about their users’ security.

Graham Cluley

BBC News reports:

TalkTalk’s handling of a wi-fi password breach is being criticised by several cyber-security experts.

The BBC has presented the company with evidence that many of its customers’ router credentials have been hacked, putting them at risk of data theft.


The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.

But it is still advising users that there is “no need” to change their routers’ settings.

Understandably, computer security experts were astounded by TalkTalk’s seeming lack of concern over its customers’ passwords being at risk.

Keen to pour cold water on potentially negative media coverage, TalkTalk’s PR department pointed BBC News in the direction of another security expert:

A spokeswoman for TalkTalk said that customers could change their settings “if they wish” but added that she believed there was “no risk to their personal information”.

She referred the BBC to another security expert. But when questioned, he also said the company should change its advice.

Oops! This isn’t looking good for TalkTalk.

The alarm was first sounded over the weekend when security experts at Pen Test Partners uncovered that a variant of the Mirai worm was exploiting a vulnerability to force TalkTalk routers to reveal their Wi-Fi passwords.

Of course, an attacker would need to be physically close to your wireless network to then exploit the theft of your Wi-Fi password, but still… that’s not good.

And what is even worse is TalkTalk’s feeble response.

This is TalkTalk, remember, whose customers were hit by an internet outage a week ago after their routers were hijacked. TalkTalk, whose high-profile hack last year was revealed to be due to its shameful security practices, and resulted in a record fine.

TalkTalk, whose CEO, Dido Harding, saw her pay almost triple to £2.8 million amidst all this omni-shambles.

It’s no wonder that some people feel exasperated at the antics of the talent show-sponsoring ISP.


Here are some instructions I found on TalkTalk’s site about how to change the wireless name and password on your TalkTalk router.

Before doing that though, I would recommend that you reset your router (this is often done by pressing a small reset button at the back with a paperclip) to force the device to download a new version of its firmware.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

2 comments on “When it comes to security, TalkTalk is all talk talk…”

  1. Frank Hoyle

    Had to come in and say, splendid title.

    Keep up the wonderful work

  2. drsolly

    If Dido is on £2.8 million per year, clearly their series of security breaches hasn't affected their profits.

    Computer security experts care about computer security, everyone else doesn't give a fig.

    Until they get hit by ransomware and wonder how it happened.
