Wednesday, 5 October 2016

TalkTalk "Security So Poor"


I was once rung, in about 2012, at my home by a cold caller from TalkTalk.

"Hello, I'm ringing from TalkTalk, one of the largest phone and broadband internet companies in the UK."

"Yes, I know your work. Can you thank them for me?"

"Eh?"

"Can you thank them. For being so awful. You've made me a lot of money."

"Sorry?"

"By being so bad. I run a repair firm. I've done well from your company."

Click. Which was either them ending the call or getting the point. Or both.

It comes as no surprise to me that TalkTalk have been fined £400,000 by the regulator for their data breach in October 2015. Nor did it come as a surprise that they had been hacked.

I managed to circumvent their call centre security many times. It didn't take much. "Are you not the account holder? Are they there?"

"Yes, I'll put them on."

"Can you authorise the person to speak on your behalf?"

"Yes."

They had no idea who had said yes, who I was, or that there was even a fault. I was merely after my call-out fee and to go home having left my customer with a working connection.

For many years, Tiscali, whom TalkTalk took over and the firm whose original system got hacked, would routinely change passwords to "12345". The call centre defaulted to it after only very basic checks.

The bigger problem out there is that TalkTalk aren't the only one with lax security. Other, smaller, ISPs are vulnerable across the board due to inherent faults in their overly familiar systems. Some are so small that their customer service staff number fewer than five and their customers are known almost personally. But they're vulnerable.

And, if you need a way into the internet, there it is.

Until the rest of the industry catches up, the holes will remain and the internet will still fit the 'Wild West' tag it earned.

And, until then, circle your wagons and be prepared to be threatened by those that want your valuables.

