UPD2 Database Scare as TalkTalk UK Contract Details Left Exposed to the Public

Monday, May 28th, 2012 (9:49 am) - Score 663

Somebody has unwittingly exposed sensitive contract details for a TalkTalk Business UK ISP subsidiary (Greystone Telecom) to the internet by failing to prevent anonymous access via their Microsoft IIS web server. TalkTalk claims to be busy tracking the source down.

According to The Register, the vulnerable server is hosted by a Demon Internet account holder and its contents (customer data, contract prices, copies of sales orders and spreadsheets), being effectively public, have since been indexed by Google’s search engine. A spokesperson for TalkTalk allegedly said that, as it wasn’t one of their servers, they couldn’t tackle the problem, although the ISP has since told us something slightly different.

A TalkTalk Spokesperson told ISPreview.co.uk:

“We take data protection very seriously and have launched an investigation. We have established that the data did not come from any of our servers or any of our contractors’ servers, and that our firewalls and security procedures are functioning properly.

We are working to identify the IP address from which this data was disseminated, and are in contact with the appropriate authorities.”

Being the curious types, we decided to do a little digging and found the offending server in a single search, although it mostly contained maintenance contracts / orders for Greystone. For obvious reasons we’ve chosen not to mention where it is, but anybody could easily track it down. Some of the information could prove to be commercially sensitive and we’re currently attempting to get further clarification from TalkTalk.


UPDATE 1:11pm

Updated the article to reflect TalkTalk’s official line.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, Facebook and Linkedin.
4 Responses
  1. adslmax

    Host is down.

  2. Kyle

    I sincerely hope that all the customers of this utterly inept ISP realise that TalkTalk do NOT care about your data protection.

    Only the other day, they hadn’t bothered to respond to a request for further information before their mail was blacklisted and now their lack of intent on actually assisting this ISP with this data breach is worrying.

    Getting such cheap services means that other areas are cut. In this case, it’s customer security and it is clearly apparent that they are completely ignorant or just downright do not care. Either way, they should be prosecuted for this. If it were my business, they would have had a DPA lawsuit filed against them already.

    It still baffles me why people choose to use this ‘telco’. They are nothing but incapable of running a ‘service’. Next we’ll be seeing an update from Dido Harding saying how she thanks you for ‘bringing this to her attention’; a typical, sub-standard response whenever an issue is raised with this mockery of a company.

    I’m not bitter towards companies that make mistakes. I am towards companies that make mistakes, deny they’ve made them, thank you for pointing out the mistake and promising it won’t happen again. They will never learn. Fortunately, I did.

  3. zemadeiran

    MS iis = shit

    Linux webservers all the way!
