email support

Ask us about your TalkTalk email account and Webmail.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

TalkTalk Email system is insecure - Hacked

Ttcustomer60
First Timer
Message 6 of 6

Hi All, my fathers talktalk email account was recently hacked and the hacker had added a forwarding address via a rule so that they received all emails to a gmail account.

 

I managed to remove the redirect rules and change his password to make it secure. I also changed the settings to log out after 5 minutes, then logged out and logged back in with the new password.

 

Several hours later I noticed the hacker still had access to the email account and had also added new rules to redirect to a different address.

 

How can the talk talk email platform be so insecure in this modern age?

 

Why does it not have the ability even to add 2 factor authentication or even the ability to see currently logged in devices and the option to log them out? Not even a basic login history.  This is basic security and I cannot believe talktalk doesn’t have this functionality?

 

Therefore I don’t think the talktalk email platform is fit for purpose and the security needs updating ASAP.  Is it even legal for an email platform to lack these basic security functions?

5 REPLIES 5

Message 1 of 6

Hi Ttcustomer60, we don't have the access to force logouts unfortunately. OX who provide our platform do have that access getting a fault ticket to them is not a quick process. To raise the ticket I need the landline of your father's account and his mobile number for contact. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


Message 2 of 6

As I said in the very first paragraph of my reply. A later version of the Open Xchange mail platform does indeed have the ability. I have previously recommended the upgrade. 

 

TalkTalk can indeed raise a fault ticket to log out all devices and see the IP address and hence the access point used by the hacker.

GondolaVolunteer 2017-2021

 Like below to appreciate my help . . . Mark as solved + Accept as Solution

0 Likes

Ttcustomer60
First Timer
Message 3 of 6

Ive now updated this profile to include my fathers talk talk account details.  It would be good if you could log out all devices from his account to make sure it is now secure.  I have also updated his password to a very secure one and removed the new redirect rules that were added by the hacker.

0 Likes

Ttcustomer60
First Timer
Message 4 of 6

I understand about users taking precautions themselves and the problem was caused by him using an insecure password that was hacked from another website.

 

The issue I have with talktalk, is the problem that even after updating the password to a secure one and logging out, how was the hacker still able to access the account and why does talk talk not have the simple functionality to view all logged in devices and log them out?  This should be added to the talk talk platform as an urgent update.

Gondola
Community Star
Message 5 of 6

Hi Ttcustomer60 

 

Good ideas and options that are possible in a future upgrade that I would like to see implemented. 

 

Security isn't just about a mail service provider being 100% responsible it's got to involve the mail user to take care the password isn't discovered. 

 

Does your father have an idea of how the password was discovered? 

 

On the scenario that the hacker is still signed in after a password change then so long as the device used to change the password isn't running password grabbing malware the hacker will ultimately get dropped and the mailbox will be prevented from sending mail as a precaution. This stop on sending is triggered when multiple concurrent logins are detected from different geo-separated IP addresses. For example, you're connecting from the UK and a hacker from Russia.

 

Prepare for TalkTalk Support by updating your Community  MY PROFILE

  • Select your avatar top right, MY SETTINGS, Personal Information, and include:
  • Your father's name, current TalkTalk home 'phone number (unless taking a full-fibre non voice service). An alternative (mobile preferred) contact number. Full address with postcode (Location)
  • Scroll down to Private notes to add his email address and notes etc
  • After checking and updating, Save changes

Select here: Update your profile

 

GondolaVolunteer 2017-2021

 Like below to appreciate my help . . . Mark as solved + Accept as Solution

0 Likes