quote: TalkTalk has revealed that it suffered what it calls a "significant and sustained cyberattack" on its website yesterday morning, and that banking and credit card details of up to four million customers may have been compromised. A TalkTalk spokesperson told Ars that, after it noticed what it believes was a DDoS attack, the company took its website down as a precaution, and is now investigating the extent of the damage. [...]
That's a truly odd statement from TalkTalk. Are they so clueless as to even suggest or ambiguously connect a DDoS attack to a breach of their customer data?
The loosely defined difference is that a DDoS is something bad that happens to a site while a breach is something bad a site does to itself.
Years ago DDoS'ing a site that you've scraped customer data from occurred but with the reporting requirements in place today the reasons for DDoS'ing have been eliminated. e.g., keeping victims unaware of breach by limiting access to breached site where an advisory could be posted.
Listening to the gal talk/what she saying I thought I was watching Monty Python
"The email we send to customers - you can check the header to make sure it's from us."
Not to spoil the clip for anyone... How can you tell the difference between a real TalkTalk email from a spoofed TalkTalk email according to their spokesgal? 1. A real TalkTalk email will have a link... 2. The headers will have what email address the email was sent from...
Boy, 15, arrested in Northern Ireland in connection with TalkTalk hack
A 15-year-old boy has been arrested in Northern Ireland in connection with the TalkTalk hacking attack, Scotland Yard has said. Metropolitan Police said a house had been searched in County Antrim on Monday afternoon at about 16:20 GMT. The boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at Antrim police station and is being questioned by detectives from the Police Service of Northern Ireland.