TalkTalk Urged To Improve Security Over Web System Flaw

TalkTalk Strongly Urged To Improve Security

In the last year, the security of major businesses websites, or more accurately the lack of, has come into sharp focus. The way in which some firms handle our information is shockingly poor. It rightly makes us very anxious about what information we share online.

In regards to TalkTalk, however, it seems an anonymous hacker may have revealed a significant security flaw on their website which has lasted for several years.

A flaw which has existed for several years

In a report via SkyNews, they were contacted by an anonymous hacker referred to only as ‘B’. In the report, he made aware that on the TalkTalk website, he was aware of a significant flaw with the security in their web design. If that wasn’t bad enough, it appears to be one that has existed for a long time with TalkTalk either not realizing it or not doing anything about it.

As part of the exploit, he found that he was able to use a “Cross-Site Scripting” error. This allowed him to take control of a highly convincing “talktalk.co.uk” account. From this, he demonstrated how easy it would be for him to use this to attempt to phish information from prospective customers.

Why did he do this?

The reasons are unclear, but it is likely that ‘B’ represents a group known as white-hacktivists. These people endeavor to find security flaws within companies business but do so for positive reasons. They find backdoors and exploits only to bring them to the attention of the company or the general public rather than attempting to use them for their own personal gain.

It does, however, highlight another major company that has major problems dealing with their online security.

What do you think? Do these news stories surprise you or are they alarmingly all-to-common? – Let us know in the comments!