Talk Talk hacked: Mirai worm compromises 57,000 customers

Tens of thousands of TalkTalk customers are at risk of having had their passwords stolen after it was revealed that a hack against the company’s broadband routers was more severe than initially thought, The Telegraph reports.

The cyber attack, which left some Post Office and TalkTalk customers without internet for days last week, also involved up to 57,000 of TalkTalk’s customers having their Wi-Fi passwords stolen, according to security expert Ken Munro, a security research at Pen Test Partners.

“The Wi-Fi password protects all of the traffic on your home network so if a hacker has got the key, they can get onto your home network and see all of the traffic on there, including social media accounts and other passwords,” said Munro, speaking with The Daily Telegraph. “The only limit is that you have to be physically close to the house.”

The severity of the problem spreads further than just this incident however, with roughly ten million routers susceptible to the Mirai worm malware.

With a customers’ Wi-Fi password and equipment location, hackers are able to access everything on a network.

TalkTalk has since issued a software update for the faulty D-Link DSL-3780 routers, but this does nothing to prevent a second attack that targets passwords.

A spokesman for TalkTalk said: “As is widely known, the Mirai worm is an industry issue, affecting many ISPs around the world. A small number of TalkTalk customers have been affected, but we can reassure customers that no personal information is at risk.”

The company initially suggested some customers should change their Wi-Fi passwords, but then amended this in an updated statement.

“If customers have an issue connecting to the internet, they should visit our help site where they can find a guide that will show them how to reset their router. There is no need for customers to reset their Wi-Fi password.”

The company has also put in place some temporary network-level controls for added protection.

The attackers are said to have used the Mirai worm, which was used to take swathes of the internet’s most popular websites down in October when it targeted the Dyn domain name service.

Exploiting a flaw in some routers, the worm has recently been used to knock Post Office, TalkTalk, Kcom and Germany’s Deutsche Telekom customers’offline in an attack that began on November 27.