When it comes to security, TalkTalk is all talk talk…

Graham Cluley

BBC News reports:

TalkTalk’s handling of a wi-fi password breach is being criticised by several cyber-security experts.

The BBC has presented the company with evidence that many of its customers’ router credentials have been hacked, putting them at risk of data theft.

The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.

But it is still advising users that there is “no need” to change their routers’ settings.

Understandably, computer security experts were astounded by TalkTalk’s seeming lack of concern over its customers’ passwords being at risk.

Keen to pour cold water on potentially negative media coverage, TalkTalk’s PR department pointed BBC News in the direction of another security expert:

A spokeswoman for TalkTalk said that customers could change their settings “if they wish” but added that she believed there was “no risk to their personal information”.

She referred the BBC to another security expert. But when questioned, he also said the company should change its advice.

Oops! This isn’t looking good for TalkTalk.

The alarm was first sounded over the weekend when security experts at Pen Test Partners uncovered that a variant of the Mirai worm was exploiting a vulnerability to force TalkTalk routers to reveal their Wi-Fi passwords.

Of course, an attacker would need to be physically close to your wireless network to then exploit the theft of your Wi-Fi password, but still… that’s not good.

And what is even worse is TalkTalk’s feeble response.

This is TalkTalk, remember, whose customers were hit by an internet outage a week ago after their routers were hijacked. TalkTalk, whose high-profile hack last year was revealed to be due to its shameful security practices and resulted in a record fine.

TalkTalk, whose CEO, Dido Harding, saw her pay almost triple to £2.8 million amidst all this omni-shambles.

It’s no wonder that some people feel exasperated at the antics of the talent show-sponsoring ISP.

Here are some instructions I found on TalkTalk’s site about how to change the wireless name and password on your TalkTalk router.

Before doing that though, I would recommend that you reset your router (this is often done by pressing a small reset button at the back with a paperclip) to force the device to download a new version of its firmware.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “When it comes to security, TalkTalk is all talk talk…”

  1. If Dido is on £2.8 million per year, clearly their series of security breaches hasn't affected their profits.

    Computer security experts care about computer security, everyone else doesn't give a fig.

    Until they get hit by ransomware and wonder how it happened.
