
Security Fail Allowed TalkTalk Customer to See Different Person’s Account UPDATE

Saturday, March 13th, 2021 (12:01 am) - Score 9,960

One of TalkTalk’s UK broadband ISP customers, who asked to remain anonymous, has criticised the provider for being “staggeringly uninterested” after he reported a security flaw, which persisted for the best part of a week and enabled him to see the private personal account details of a different subscriber.

The customer had only recently joined the provider, but upon logging in to TalkTalk’s online account section on 5th March 2021 he was shocked to find that a different customer’s account details were being displayed. “This seems like a major breach of security regulations and something TalkTalk urgently must fix, I’ve contacted them, and they don’t seem very concerned,” he said.

According to the customer, he raised the “totally unacceptable” issue with TalkTalk’s customer care team on Twitter, but they just kept “repeating that I will be able to see my details when the account is activated, which rather misses the point, I think. I have repeated this a few times to them, but they keep saying the same thing.” The matter has also been raised with the Information Commissioner’s Office (ICO).

We’ve seen issues like this crop up with other providers from time to time too, and they’re often a symptom of isolated database errors. “As of this morning [9th March], I can still login and see this other person’s details. It’s a bit odd though as, on login, the page reloads several times, so it does seem like something is technically wrong,” added the customer.


ISPreview.co.uk raised the issue with TalkTalk and was promptly told that it was being investigated as a “matter of urgency and high priority.” After a couple of days the ISP was able to confirm that there had been an anomaly with one customer’s account (albeit affecting private data for two customers), but they added that it was a one-off error and has now been resolved. Sadly, it took an intervention from us before this happened.

The ISP made clear that there was no external penetration of their systems (hacking), nor any insider threat or intrusion, and the customer’s details were not stolen (we should add that no financial details were ever exposed).

A TalkTalk Spokesperson said:

“We have investigated the incident and identified a one-off technical error that led to a limited amount of one customer’s data being visible to the customer ISP Review contacted us about. This issue has now been fully resolved. We are in contact with and have apologised directly to the customer concerned.”

We queried how customers should go about the business of reporting future security issues to the provider and were advised that they should use TalkTalk’s regular customer channels (telephone, email, live chat and Twitter), even though that didn’t work too well this time around. TalkTalk added that keeping their customers’ data secure was a top priority, and they would always expedite the handling of such enquiries.

UPDATE 29th March 2021

We’ve been in contact with the TalkTalk customer who had their account exposed, and he claims to have been contacted by 11 of the provider’s other customers about the issue, which suggests that the breach was wider than the ISP indicated. The customer concerned is now considering legal action.

30 Responses
  1. JmJohnson says:

    Please… it’s not a one off.
    They keep sending bills to my office for an active service we’ve never had.
    Every 3months I advise them that either they are making an error or not stopping a fraudulent account.
    They say they’ll investigate it and then I get another bill at a later date.

  2. Tom says:

    Reminds me of Barclays. I was about to close the account so wanted to download the statement history. I just downloaded my statements and noticed along with mine, some of them belonged to someone else. They weren’t super interested though for some reason.

  3. Issac says:

    Ye I reported the same thing and they were very just ok well no problem

  4. Rob Wilcock says:

    It has been 99.9% impossible to contact talktalk for months as they hide behind covid excuses to cut customer services staff. They give a number which only takes you through an automated service. The online chat hasn’t worked for months. Most of their email addresses either don’t work or they just don’t reply. It took me months to get a problem fixed which was a simple fix of a new router. Worst customer service I have ever seen. You just can’t contact them. I eventually got my problem fixed after I contacted the CEO.

    1. derek durbridge says:

      I had the same problem with them, was paying 41 pound a month for nothing. Cancelled my contract as they broke it, now hounding me for money lol

  5. S.G says:

    Had the same issue in October last year. I saw someone’s account including devices connected to their router. Reported to TalkTalk. They did nothing about it. Thankfully I left them within 30 days (mainly for different reasons but this definitely contributed). Are you able to share ICO’s reference? I’d love to report my case too and I think it would be great to link them.

  6. Mrs Susan baker says:

    Been with talk talk from the 2/3/21 and still can’t use my phone.

  7. GNewton says:

    This would be a severe security breach and as such not fit for a telecom service, hence a breach of contract, in which case the user should cancel the contract with TalkTalk immediately. Perhaps also report it to the ICO, too?

  8. D Robertson says:

    I have reported my landline a few times they keep sending me a link to report done this 3 times said issues and they will let me know when fixed won’t hold my breath on that 1. I will be changing providers

  9. Optimist says:

    Calamity Dido moved from Talk Talk to take charge of the NHS COVID Test and Trace programme. That has been a failure too.

    1. Stephen Wakeman says:

      Yeah funnily enough they had an issue with contacts and details too didn’t they. Using such state of the art technology to parse millions of people’s details. An Excel workbook.

  10. John says:

    I had been with TalkTalk for 5 years. Then had a fault on the phone line which meant they had to divert my calls to my mobile. 5 months later and hours spent trying to talk to someone who could understand plain English I have moved to Vodafone.

    1. Stuart Gibson says:

      You have gone from bad to worse sadly, both companies’ customer service are shockingly bad

  11. Roger_Gooner says:

    I don’t understand how this error is possible. If, say, the account number is the primary key the database will ensure that it’s unique among the customer records. One example is Oracle’s unique constraint which is an integrity constraint that ensures the data stored in a column, or a group of columns, is unique among the rows in a table.

  12. André says:

    Bearing in mind they were the stooges behind the largest data breach ever in the UK a few years ago, it seems they’re remaining true to form.

    Wouldn’t touch them with a barge pole, no matter how cheap they are.

  13. Darren Reid says:

    This is absolutely shocking. They need a bug bounty contact email at minimum

  14. JP says:

    Typical of pretty much any company now to either leak or sell your data, I trust none of them.

  15. Mike says:

    Bucket shop ISP, bucket shop security.

  16. timeless says:

    I see not much has changed since Dido Harding got sacked and went to track and trace.. she left a mess and continued to be part of one.

    1. Buggerlugz says:

      friends in high places obviously….

    2. Stephen Wakeman says:

      Her husband is the MP for Weston Super Mare. And she’s into horse racing with close friend Matt Hancock.

      But I’m sure her appointment was unrelated and was because of her impeccable record of making a dog’s dinner out of everything she turns her hand towards.

      This government is a festering carcass of corruption. I hope Dido’s bank details get leaked and a Nigerian online fraud ring rinse her dry. It would be the least that karma could do.

  17. Matt says:

    Not surprised, the security at TalkTalk has always been an issue. However, you can’t expect customer service staff to handle it properly. It’s probably better to try to speak to their managers as they would be more capable of handling it.

    Pretty sure disclosing the vulnerability information on deep web would wake them up as well.

  18. Ivanhoe says:

    Have had a problem with my talktalk plus box for months. Recordings freezing when playing back, live TV just goes blank.
    Complained by letter after several chat line discussions. Same advice, reset your box. Issue persists, then a promise of sending a new box which never arrived. Still waiting for a response to my letter. Terrible service after being with them years. They have gone downhill recently.

  19. Sandra says:

    My parents are elderly and recently joined TalkTalk; they have been left with no phone or Internet. I think it disgusting that the only advice they gave me was to reset router, no mention of phone. I’m going to report to ombudsman to get contract terminated.

  20. Sarah says:

    I have spent months trying to cancel my account, even had a debt collectors letter for a “service” that has never existed. They failed to “go live” when I moved house and I rang them to cancel. Ten days later my father started a new contract, unfortunately with them, yet they have still charged me for the last 5 months. Absolute joke of a company, spent hours on the phone and still not sorted.

  21. Nick says:

    After complaining 5 times and pointless credits costing TalkTalk up to £165, yes that’s right, I’ve only paid TalkTalk £19 since November as the broadband was free for 3 months so was just paying for anytime calls.

    Anyway the service has never worked well and I found a cheaper deal with Vodafone and guess what it works very well!

  22. Nick says:

    Also demand to leave early without a penalty. I asked for that and they decided to let me go with no penalty!

  23. Jim says:

    They recently hired Mic Holden Head of Transformation who already screwed quite a few companies, wish them good luck.

  24. Bruce says:

    Why is anyone surprised? TalkTalk operate on end of life, out of support operating systems and freeware. Carry hundreds of thousands of known vulnerabilities that they won’t/can’t remediate. GDPR, PCI, standard security controls disregarded. MD of Security and Change and IT Ops Director being moved on in the regular rounds of restructuring. Trust them with your data at your peril.

  25. Ray Woodward says:

    Ah, finally a taste of normality, Talk Talk screwing customers about …
