Hacked TalkTalk says that it has received ransom demand

Graham Cluley

TalkTalk has said that it has received an email demanding a ransom be paid, after it suffered a hack which has potentially put the details of up to four million customers at risk.

Speaking to the BBC, TalkTalk confirmed that it had suffered from a distributed denial-of-service (DDoS) attack that disrupted its website earlier this week. Last night the telecoms firm revealed that information such as customers’ names, addresses, phone numbers, dates of birth, and bank details could now be in the hands of hackers.

The Metropolitan Police’s cybercrime unit is investigating, and customers are being told to watch their bank accounts for unusual activity, and contact Action Fraud UK if they spot anything suspicious.

Earlier a message had been posted on Pastebin claiming to be from the attackers, including what was said to be customer data.

Of course, because TalkTalk has suffered a series of security breaches in the last year, it’s hard for anyone on the outside to confirm that the data shared in the unverified Pastebin message is from the latest security breach, or if it is from the group who emailed TalkTalk.

Dido Harding, chief executive of TalkTalk, told the BBC that the email had demanded not just that a ransom be paid for the safe return of stolen data, but also to prevent further denial-of-service attacks.

“Yes, we have been contacted by – I don’t know whether it’s an individual or a group purporting to be the hacker. I personally received a contact from someone purporting – as I say, I don’t know whether they are or are not – to be the hacker, looking for money.”

Harding admitted that the company could have done more, but added that there is probably no company which couldn’t do more to protect its systems.

On the BBC News at One, TalkTalk’s CEO was quoted as saying that the company was unable to confirm what stolen data might have been encrypted – and which wasn’t.

Such uncertainty is not going to comfort customers, I suspect.

If the attackers did attempt to blackmail TalkTalk, it certainly wouldn’t be the first time that hackers have tried to extort money from a company they were attacking through a denial-of-service attack. If they had also managed to steal TalkTalk customer data then they are just turning the thumbscrews that little bit tighter…

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

5 Replies to “Hacked TalkTalk says that it has received ransom demand”

  1. The first two tables on pastebin have old data 2011 and 2012, however the final example has records from August this year. Of course the dates could have been edited by those posting.

  2. 'Harding admitted that the company could have done more, but added that there is probably no company which couldn't do more to protect its systems.'

    Harding is wrong! Just ask the CEO of Sony! He'll tell it how it really is! There are some attacks that simply cannot be countered! This includes stupidity (case in point: Sony CEO)

    (Okay, yes, Harding actually is right but that's a given since it is a constantly evolving battle)

  3. Now come on everyone, last week's episode of Homeland showed a security data breach of the CIA in Berlin and just 3-4 days later, TalkTalk end up with a data breach.

    It seems obvious to me, that whoever did this, watched Homeland and had a pop at Talk Talk.

    Rule Number 1: Always store your data encrypted in your database.

    Rule Number 2: Never store bank details or credit card details without very strong encryption anywhere near the internet, unless you restrict it to admin privileges.

    If I was advising the Police, I would start by taking a look at how the breach happened and trace the IP addresses back to the proxies. From there you will be able to force the proxy companies to give you the real IP addresses.

    Sooner or later we have to stop being complacent, this happens all the time, so we need to take steps to prevent the people who pay us their money, from having their data stolen.

  4. Oh sure, deflect incompetence by blaming others for weak security. "See, we are in good company", others need to do a better job too!

    I don't care who the company is, heads need to roll. People have enough to worry about these days.

  5. It seems strange this story.

    Hackers don't just steal details. They would have caused harm in other ways. Talk Talk sold the information guaranteed and are now blaming hackers! It's all a fake sham scam done by that fork tongued woman they call a CEO.. She is a crook and she knows it!
