Reply to post: Welp that answers alot

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Sgt_Oddball Silver badge

Welp that answers alot

Interview on the radio over lunchtime had the MD mentioning about an SQL injection attack.

If thats the case, it doesn't matter if the database was encrypted or not (note, encrypted, not hashed). If you can get a direct line to run queries, then unless the data is hashed as well (rendering it pretty much useless for anything other than confirming details like a password or username, unless I've missed a trick there) they've pretty much got the keys to the kingdom.

Also, if true then what sort of trained gibbon do they have running their IT to fall prey to the most basic of basic attacks? Secondly, data siloing, ever heard of it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019