Ex-TalkTalker TalkTalks: Records portal had shared password. It was 4 years old

Is that how crims nicked the engineers' data?

Exclusive Fraudsters who attempted to scam TalkTalk customers by using records of their maintenance engineer visits are thought to have bought that info from current or former staff.

According to one ex-TalkTalk employee, who asked not to be named, the company uses a third-party system called Qube Portal to book visits and record information. The platform is also used by EE and BT for booking third-party engineer appointments. Our source speculated that criminals may have gained access to TalkTalk information via the portal.

The system is thought to log the customer's name, account number, landline number, mobile contact number given, address, and date of birth.

Our insider said: "Some of these reports can be somewhat humorous. For example: 'Customer answered door wearing an adult nappy*'."

Approximately 1,000 agents based in India, where TalkTalk's technical support team operates, have access to that information. Our source said only about 100 agents in the UK are familiar with the system.

The source also claimed that the system was accessed by a shared login and password that hadn't changed for the last four years.

He said: "My educated guess is that the details were leaked by offshore Indian agents."

At the end of January, TalkTalk said it was considering cutting ties with its Indian call centre provider Wipro after three employees at the site were arrested for allegedly scamming customers.

The Register asked TalkTalk for comment, but the provider said it was not able to provide further information.

It said: "Late last year, we received complaints from a small number of customers that they had been targeted by scammers following visits from engineering companies used by TalkTalk and several other providers. We investigated these concerns and were in contact with customers about this issue throughout December. We have received no further complaints on this issue since that time.

"We understand that customers of other companies may also have been targeted in the same way during this period." ®

* No there's nothing funny about having to wear or even just wanting to wear an adult nappy. But there's a lot that's funny about appearing at the front door wearing nothing else.




Biting the hand that feeds IT © 1998–2019