BBC News reports:
TalkTalk’s handling of a wi-fi password breach is being criticised by several cyber-security experts.
The BBC has presented the company with evidence that many of its customers’ router credentials have been hacked, putting them at risk of data theft.
The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.
But it is still advising users that there is “no need” to change their routers’ settings.
Understandably, computer security experts were astounded by TalkTalk’s seeming lack of concern over its customers’ passwords being at risk.
Keen to pour cold water on potentially negative media coverage, TalkTalk’s PR department pointed BBC News in the direction of another security expert:
A spokeswoman for TalkTalk said that customers could change their settings “if they wish” but added that she believed there was “no risk to their personal information”.
She referred the BBC to another security expert. But when questioned, he also said the company should change its advice.
Oops! This isn’t looking good for TalkTalk.
The alarm was first sounded over the weekend when security experts at Pen Test Partners uncovered that a variant of the Mirai worm was exploiting a vulnerability to force TalkTalk routers to reveal their Wi-Fi passwords.
Of course, an attacker would need to be physically close to your wireless network to then exploit the theft of your Wi-Fi password, but still… that’s not good.
And what is even worse is TalkTalk’s feeble response.
This is TalkTalk, remember, whose customers were hit by an internet outage a week ago after their routers were hijacked. TalkTalk, whose high profile hack last year, was revealed to be due to its shameful security practices, and resulted in a record fine.
TalkTalk, whose CEO Dido Harding, saw her pay almost triple to £2.8 million amidst all this omni-shambles.
It’s no wonder that some people feel exasperated at the antics of the talent show-sponsoring ISP.
When you spend vast amounts of money on sponsoring the X Factor, there can't be much left in the pot for security issues.
— Stuart (@StegoPax) December 7, 2016
Here are some instructions I found on TalkTalk’s site about how to change the wireless name and password on your TalkTalk router.
Before doing that though, I would recommend that you reset your router (this is often done by pressing a small reset button at the back with a paperclip) to force the device to download a new version of its firmware.