Tens of thousands of TalkTalk customers are at risk of having had their passwords stolen after it was revealed that a hack against the company’s broadband routers was more severe than initially thought.
The cyber attack, which left some Post Office and TalkTalk customers without internet for days last week, also involved up to 57,000 of TalkTalk’s customers having their Wi-Fi passwords stolen, according to a security expert.
Ken Munro, a security researcher at Pen Test Partners, said passwords could have been stolen from the faulty routers, which could give cyber criminals access to all of the information on customers’ home networks, including further passwords and financial details.
“The Wi-Fi password protects all of the traffic on your home network so if a hacker has got the key, they can get onto your home network and see all of the traffic on there, including social media accounts and other passwords,” said Munro. “The only limit is that you have to be physically close to the house.”
Munro urged TalkTalk to replace the faulty routers. But the problem affects more than just the telecoms company. Munro said over 50 different brands and 10 million routers in total could be vulnerable.
With a customer’s Wi-Fi password and the location of their equipment, hackers could access everything on the network and steal further sensitive information, he warned.
TalkTalk issued a software update for the faulty D-Link DSL-3780 routers, but this does not prevent a second attack that targets passwords, Munro said.
A spokesman for TalkTalk said: “As is widely known, the Mirai worm is an industry issue, affecting many ISPs around the world. A small number of TalkTalk customers have been affected, but we can reassure customers that no personal information is at risk.”
The company initially suggested some customers should change their Wi-Fi passwords, but then amended this in an updated statement.
“If customers have an issue connecting to the internet, they should visit our help site where they can find a guide that will show them how to reset their router. There is no need for customers to reset their Wi-Fi password.”
The company has also put in place some temporary network-level controls for added protection.
The attackers are said to have used the Mirai worm, which was used to take swathes of the internet’s most popular websites down in October when it targeted the Dyn domain name service.
Exploiting a flaw in some routers, the worm has recently been used to knock Post Office, TalkTalk, Kcom and Germany’s Deutsche Telekom customers offline in an attack that began on November 27.
Some Post Office and TalkTalk customers complained they were still having trouble connecting to the internet today, which could be a result of continuing attacks.
“There’s more to go on this story,” said Munro. “We’re already seeing discussion from TalkTalk customers of their routers failing, and we’re not sure if that’s because the fix didn’t work or if someone’s already taken control of their router.”