DDoS diversion, intrusion & data theft at TalkTalk

ѠOOT

DDoS diversion, intrusion & data theft at TalkTalk

by ѠOOT »

( 22/10/2015 ) TalkTalk PLC on Cyber Attack

Today (Thursday 22nd October), a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website yesterday. That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details. We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

Dido Harding, CEO, said: “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”

The following letter has been shared with TalkTalk customers:

We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:

* Names
* Addresses
* Date of birth
* Phone numbers
* Email addresses
* TalkTalk account information
* Credit card details and/or bank details

... ( read more )


Statement: http://www.talktalkgroup.com/press/pres ... ttack.aspx
Incident: http://help2.talktalk.co.uk/oct22incident
Note: The TalkTalk portal is powered by AOL.

@TalkTalkCare : I can't log in to mail and the website is also down. I have tried on a laptop and phone

@TalkTalk_UK : Our website was subjected to a significant and sustained cyberattack.

@TalkTalk_UK : Our CEO Dido Harding apologises to TalkTalk customers about disruption caused by the cyberattack on our website. http://www.bbc.co.uk/news/uk-34611857
Wim Remes, Rapid7 wrote: The tactic of inundating an application with traffic to hide the real attack ( smokescreening ) going on at the same time is very common nowadays. By distracting the target, the attacker buys more time to focus on the assets they are really after. Organisations can address this by implementing multi-layer monitoring systems.
Related links:
TalkTalk – The case for a Chief Security Officer
2014 :: Annual UK DDoS Attacks & Impact Report - THE DANGER DEEPENS ★ DDoS smokescreening
Malekal_morte

Re: DDoS diversion, intrusion & data theft at Talk

by Malekal_morte »

1.2 million customer records (names, email addresses, phone numbers, ...)
Nearly 21,000 active bank account numbers and 28,000 credit card numbers :o

Impressive
ѠOOT

Re: DDoS diversion, intrusion & data theft at Talk

by ѠOOT »

Brian Krebs wrote: A source close to the investigation who spoke on condition of anonymity told KrebsOnSecurity that the hacker group who demanded the £80,000 ransom ( via Bitcoin ) provided TalkTalk with copies of the tables from its user database as evidence of the breach. The database in question, the source said, appears related to at least 400,000 people who have recently undergone credit checks for new service with the company.
https://krebsonsecurity.com/2015/10/tal ... n-bitcoin/

More than 4 million users of TalkTalk are at risk after a major data breach hit the mobile carrier’s database. Trust levels in TalkTalk dropped, as the real problem resided within the poor or nonexistent data encryption.
http://www.techtimes.com/articles/98796 ... tomers.htm
Graham Cluley wrote: So, let's imagine a big company, with the sensitive details of 4,000,000 customers stored on a server. That data is there because it gets used. For billing, for marketing, for tech support. But it's encrypted, so only authorised users can access it. Now let's imagine a wily hacker, who uses an SQL injection vulnerability or a PHP vulnerability or any one of a zillion other vulnerabilities, to get root privilege, and is now logged on as the root user. He can now intercept and log on as any user on that computer and because he's an authorised user, he has all the access to the sensitive traffic or database that the kosher user has.
That's why "Is it encrypted" is a silly question.
https://grahamcluley.com/2015/10/talkta ... encrypted/
(George Osborne, GCHQ) wrote: "The experience of TalkTalk shows how cyber attack can suddenly go from a theoretical risk to a massive business cost"
To all business customers wrote: We have emailed all our customers who could have been affected and continue to use the media and other channels to update you as the situation develops. We know that issues like this can be worrying so we've partnered with Noodle, a credit reporting service from Callcredit to offer 12 months of credit monitoring alerts for free. This is available to all business customers who could have been affected by this incident.
http://helpbusiness.talktalk.co.uk/cyberincident
ѠOOT

Re: DDoS diversion, intrusion & data theft at Talk

by ѠOOT »

On Monday, 26 October, at approximately 16:20hrs officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit (MPCCU), executed a search warrant at an address in County Antrim, Northern Ireland.

At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed.

A search of the address is ongoing and enquiries continue.

This is a joint investigation by MPCCU detectives, the PSNI's Cyber Crime Centre (CCC) and the National Crime Agency.

e-Crime: Metropolitan Police Cyber Crime Unit - TalkTalk Investigation
Malekal_morte

Re: DDoS diversion, intrusion & data theft at Talk

by Malekal_morte »

Three people from the United Kingdom, aged 15, 16 and 20, have been arrested by British police on suspicion of involvement in the TalkTalk case.

Parliamentary inquiry opened: http://www.parliament.uk/business/commi ... ity-15-16/
ѠOOT

Re: DDoS diversion, intrusion & data theft at Talk

by ѠOOT »

TalkTalk wrote: LONDON The chief executive of TalkTalk (TALK.L) received 2.8 million pounds ($4.1 million) in pay and share bonuses for the last 12 months, despite the telecoms company suffering a cyber attack in October that put the data of thousands of customers at risk.

Dido Harding, who received 550,000 pounds in base pay, said she would donate her 220,000 pound annual cash bonus to charity following the hack on its business[...]
http://uk.reuters.com/article/uk-talkta ... KKCN0Z60R5

House of Commons Culture, Media & Sport Committee

1] Background

2] TalkTalk cyber-attack and response

3] Consumer compensation and contracts

4] Data protection in third party suppliers

5] Cyber Essentials and improving cyber-security

6] The tensions between informing the authorities, criminal investigation and informing those potentially affected

7] ICO powers and remit

8] Investigatory Powers Bill

http://www.publications.parliament.uk/p ... 48/148.pdf


→ ( 2 December 2016 ) TalkTalk briefly disrupted by the Mirai computer worm

"A 17-year-old who admitted illegally hacking communications company Talk Talk last year was sentenced to a 12-month rehabilitation order on Tuesday."

→ ( 13 December 2016 ) http://www.reuters.com/article/us-talkt ... SKBN1421I0