It was one of the biggest hacks in recent history – more than a million people’s sensitive data stolen – and tonight we’ve got inside information about how it could have been carried out.
Hackers who claim they were in on the TalkTalk hack from the start have raised serious questions about the security of one of Britain’s biggest brands.
The world of cybercrime is a murky one – identities are hard to pin down, and facts not easy to verify. Channel 4 News spoke to four people within the hacking world who claim they watched the TalkTalk hack unfold – and one even took part.
They’ve all described the same chain of events – and if it’s true, it shows how easy it is to break into a multi-million pound company.
TalkTalk say they found out about the hack on Wed 22 October, but our sources say the break-in started days before.
“It was in a Skype group call…with a lot of laughing and making fun of TalkTalk,” one hacker claimed.
In that call, one of the hackers allegedly shared a flaw in TalkTalk’s website – it allowed access to the company’s customer database.
Once leaked, it’s claimed multiple hackers used it to pull out names, email addresses and more.
“It got passed around… at least 25 people had access to it,” they explained.
So how could the group find the hole in TalkTalk’s website? The short answer is – by using Google.
It’s possible to use Google to find flaws in websites – you enter in some code, and it throws up a list of vulnerable sites.
It’s really low-level stuff; such tactics shouldn’t work against a big company’s site. Even the hackers were surprised.
One hacker said: “I was shocked.”
The same hacker claimed he tried to warn the company: “I tweeted TalkTalk about an hour before everything happened and they weren’t interested, so I thought f*** them, their security is their problem”.
He claims he’s now deleted his tweet.
So why did they do it?
“There was no group, it was just a few friends laughing about a company with bad security.”
“It’s fun for us.”
Not so much fun for TalkTalk customers, some of whom have reported being targeted by scammers in sophisticated fraud campaigns.
Police are still investigating the hack and have arrested four people, including three teenagers. No-one has yet been charged.
A spokesperson for TalkTalk has told Channel 4 News: “TalkTalk is taking these issues very seriously, and is co-operating fully with the police investigation.
“It has however been asked by the police not to make any further comment while the investigation is under way, and can therefore only say that the information included in this report has not been verified and is in some respects materially inaccurate.”