The personal information of 4,545 TalkTalk customers, including bank details, have been found online following a data breach back in 2015.
Viewers had contacted BBC’s Watchdog Live to raise concerns however TalkTalk, who had failed to inform the affected customers, have stressed that details have not been compromised. The firm stated: “The customer data referred to by BBC Watchdog relates to the historical October 2015 data breach. It is not a new incident.”
Watchdog Live’s investigation found that the details were found using a Google search and included details such as names, email addresses, birth dates and bank details. At the time of the 2015 incident more than 156,000 customers of TalkTalk were affected. The firm received a record fine of £400,000 from the Information Commissioner’s Office (ICO).
TalkTalk has apologised and described the breach as a “genuine error”.
The NCSC has developed guidance which helps users mitigate against phishing attempts following data breach incidents such as this.
If you are ever concerned about fraud or lost data then you should contact Action Fraud. The online fraud reporting tool is available any time of the day or night, or alternatively you can call 0300 123 2040. For further information visit www.actionfraud.police.uk.
Instagram data stored unsecurely
Instagram is investigating how contact details of almost 50 million of its users were stored online in an unsecure database.
Security researcher Anurag Sen discovered the database and alerted online publication TechCrunch in an effort to find the owner and get the database secured.
The database, hosted by a third party in the cloud, was left exposed without a password. It contained information scraped from millions of Instagram influencers, celebrities and brand accounts. This included private contact information, and public data such as profile pictures and bios. The database also contained an estimate of the financial value of each account, based off the number of followers, engagement, reach, likes and shares they had.
It has been traced back to Mumbai-based social media marketing firm Chtrbox.
The database has now been taken offline. Facebook, which owns Instagram, has said: “We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
The NCSC has published a blog post discussing the risks associated with leaving sensitive data exposed in unprotected AWS S3 buckets. We also recommend policies that organisations can implement to make it easier to be secure.
Hackers breach Stack Overflow Q&A site
Stack Overflow, a question and answer site for programmers, has suffered a breach in which hackers were able to exploit a bug to gain access.
The company’s latest update confirms that hackers were able to get access to user data but stressed it was for only a small number of users.
This data included IP addresses, names and email addresses. They stated: “Our investigation suggests the requests in question affected approximately 250 public network users. Affected users will be notified by us.”
As part of the company’s update, they have also highlighted the actions they have taken to resolve the issue including patching known vulnerabilities.