TalkTalk confesses: Scammers have data about our engineers' visits to your home

Info exploited, say customers


Fraudsters have obtained data about a number of TalkTalk customers' maintenance visits and used it in attempts to gain remote access to their computers, it has emerged.

One customer, Chris, told The Register that a week after the cyber attack was reported he experienced some issues with his broadband, so TalkTalk sent an engineer round. "The day after this visit my partner received a call from someone claiming to be from TalkTalk, who knew the engineer's name, and exactly what she and the engineer had discussed the previous day."

The caller – purporting to be from TalkTalk – then told the customer to download TeamViewer software, which was used to try to make a number of money transfers using third-parties' credit card information.

After the customer realised what was happening, he shut down his computer and bought new security software.

He said: "When I challenged TalkTalk to explain how the scam caller knew so many details of our account, the manager suggested the engineer may have passed on our details to a third party. However, TalkTalk refused to agree to contact or otherwise investigate this engineer."

Chris said he left the company at the end of November 2015 following the "dismal" customer service he experienced over the incident.

According to the BBC Radio 4 programme Money Box yesterday, TalkTalk admitted that criminals have had access to information about its third-party engineers' visits.

Two customers told the programme they had received calls from scammers who knew details of their recent engineers' visits and account reference numbers. One woman had £300 taken from her PayPal account, which her bank was able to refund.

In a statement TalkTalk admitted to receiving complaints about this happening from a “small number” of customers.

It said the issue has been investigated and reported to the Information Commissioner's Office, and it has not received any more complaints about this since the end of 2015.

A spokesman from TeamViewer got in touch to say the company condemns the use of its software for unauthorized access to private data: "It is important to emphasise that those using TeamViewer to facilitate this illegal activity are not using an exploit within TeamViewer. TeamViewer is not a malicious piece of software, however in this situation TeamViewer has been used for nefarious means. TeamViewer is designed to facilitate collaboration and remote support and the company does not condone the use of its software for any fraudulent activity." The TeamViewer spokesman urged users to be "prudent and vigilant" when using the software: "We advise our users to be extremely careful when they receive unsolicited calls from would-be technicians and such."

Money Box noted that in the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. The Register has asked TalkTalk for further comment.

At the end of January, TalkTalk said it was considering cutting ties with its Indian call centre provider after three employees at the site were arrested for allegedly scamming customers.

TalkTalk has reported a loss of £60m related to its major hack in October, attributing the write-off to IT costs and shedding 101,000 customers during its third quarter, according to its latest financial results. ®

