User comments on ISPs
  >> TalkTalk Broadband


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User TPCR
(newbie) Thu 30-May-13 16:42:45
Print Post

TalkTalk do not care about the security of your credentials


[link to this post]
 
I will be quoting from the original thread which an OCE refuses to forward to the relevent department and stresses that I duplicate the issue here ?????

Hi Emm

I am still awaiting the reference number after 30 mins of waiting (what is going on)

After filling in the questions I noticed a possible security flaw which I would like confirmation and proof to whom the answers to the security questions are going.

http://s19.postimg.org/x6jv3e90z/Inconsistant_bill_a...

I think the whole security section needs a major revamp to be made more secure.

I have see that a lot of members have had to fill in the security questions on more than 1 occasion until they get the reference number which is not right.

Cn you confirm if it is human intervention the produces the reference number or is it computer generated.

I know you will ask me to fill in the form again and I have 3 times and still no reference number.

I cleared the dpa etc before so please feel free to use those details until your relevent team sorts out the flaws and security issuses with the relevent newish system.

Is it not ironic that after I submitted the above, I have just this minute recieved the reference number

Response

Thank you for contacting us.

Your incident number is xxxxxxxxxx

That is 1 0f 3 so will the other 2 turn up and if so will you need me to post them



Hi TCPR,

It can take up to 20 mins for the auto response to be sent. We would advise you to remain patient and await the reference should this process need to be followed at some pont in the furture.

Cheers
Em x


It not so much the waiting time, more the fact of the redirect to webmaster message, and if the security answers are being intercepted.

It is a very worrying thought as there should be no redirect of any kind as it should go straight to a confirmation page upon successful completion of the form with a brief message advising that the user will receive an email within 20 mins time frame you mentioned and a link to take them back to the section of the thread that they were answering the questions for.

Sorry but this day and age I am very wary of when and how my credentials are used. as I also have to route out spammers to my forum so caution all the way even though some do not like it but it has to be done


Cheers Emm

Could you not forward it to your security department for verification


Hi TCPR,

We do not have a "security" department. Please follow my advise if you would like to provide feedback.

Cheers
Em x


I will do so

But tbh and to note that I find it disgusting that a multimillion pound company have not got a security department esp in relation to IT matters which could compromise your clients.

So which department (If any) deals with security related issues, whether or not it is IT related.


Hi TCPR,

I'm not exacrly certain I understand what you are trying to raise and to whom. The forum security process is agreed with the compliance team. The way in which it is implemented is controlled by the online community manager. To provide feedback regarding the forum process you would need to post in the "ideas" section as I have advised.

Cheers
Em x




I will do so

But tbh and to note that I find it disgusting that a multimillion pound company have not got a security department esp in relation to IT matters which could compromise your clients.

So which department (If any) deals with security related issues, whether or not it is IT related.


Hi TCPR,

I'm not exacrly certain I understand what you are trying to raise and to whom. The forum security process is agreed with the compliance team. The way in which it is implemented is controlled by the online community manager. To provide feedback regarding the forum process you would need to post in the "ideas" section as I have advised.

Cheers
Em x


To clarify and help you to undersatand

I said I will post in the ideas section, However the info should also be forwarded onto the relevent department/s (and it should not be required for me to duplicte the info into another thread related to informing you of the possible breach
As shown in post #3 the screenshot clearly shows the form being redirected to the webmaster, implicating a possible breach of security
As advised the redirection page to the webmaster should not be in place and a confirmation page with a brief message should then inform the client upon successful completion the proposed wait of up to 20mins for the email to be recieved
Confirmation from the relevent (should be Security department) department that the security answers are not being intercepted in any way shape or form

I do not like the feeling that my details could potentialy be compromised within a multimillion pound company, that should have a proper security department in place.

As it stands at the present moment the webmaster can see all the answers to the security questions and as you have stated the webmaster should never see the answers so therefore the info I supplied should be forwarded to the relevant departments without hesitation


Hi TCPR,

As per previous posts we do not have a "security" department. If you believe there is a problem with forum functionallity this needs to be reported to the Online Community Manager through the ideas section. This is not something we can assist with in the customer services section of the forums.

Cheers
Em x


I appreciate what you are saying however

As it stands at the present moment the webmaster can see all the answers to the security questions and as you have stated the webmaster should never see the answers so therefore the info I supplied should be forwarded to the relevent departments without hesitation


Hi TPCR,

The responses to security questions are sent on a seperate TalkTalk owned system. They are not visable via the forums to anyone. They are not visable to the OCEs without the reference that we ask you to provide. The message may not be clear and for this reason you need to post in the ideas section of the forums. I can not stress enough that we can not assist with this through the customer services section of the forums.

Cheers
Em x


Hi TPCR,

The responses to security questions are sent on a seperate TalkTalk owned system. They are not visable via the forums to anyone. They are not visable to the OCEs without the reference that we ask you to provide. The message may not be clear and for this reason you need to post in the ideas section of the forums. I can not stress enough that we can not assist with this through the customer services section of the forums.

Cheers
Em x


I did not say they are visible via the forums to anyone but they are being redirected to the webmaster which could potentially see them and as you clearly stated the relevant team/s etc there was no mention that the webmaster was allowed to access or view them in any way shape or form, so therefore this is clearly a possible breach of security that needs to be addressed forthwith and without hesitation.

And yes it is relevant to Cs&B as it is security related.


Hi TPCR,

As per previous posts I can not assist with forum functionality issues. This is not a customer services issue and does not relate to your TalkTalk services. It is a forum functionality issue and as such needs to be raised via the appropriate channel which I have advised of. Due to this I will not be adding further posts to this thread. Please follow the advise previously provided if you wish to follow up on this matter.

Cheers
Em x


To reiterate

you are saying that a possible breach in security is not a CS&B issue and you are not prepared to forward the information to the relevant team for review

Edited by TPCR (Thu 30-May-13 16:45:10)

Standard User reset
(member) Fri 31-May-13 10:04:30
Print Post

Re: TalkTalk do not care about the security of your credenti


[re: TPCR] [link to this post]
 
HI TPCR
You're wasting your breath mate, you will never get any admission of any mistake from any staff member, neither will you get any reasonable answer to your query'

Their system of ID verification is a long winded and slow process, badly designed and thought up by fools.
Whatever system they used in the past was far easier and simple, why on earth did they change it?

Seems that customers of TT are necessary evils and not to be looked after and kept, this attitude will lose them many more than they gain.

Reset
Standard User TPCR
(newbie) Fri 31-May-13 10:15:27
Print Post

Re: TalkTalk do not care about the security of your credenti


[re: reset] [link to this post]
 
I have had a response from Mrs Harding and she appologised for me having to contact her directly, and will get her team to investigate, and will get back to me asap (watch this space) and see what they say

Yes the old system worked a charm as basically all you had to to was to PM the OCE dealing with your request and only they could see, check and verify your details against your account, but now I am not so sure from what I have seen and encountered if anyones detailes could potentialy be sold for 3000 rupees etc (I hope not but these days 1 can not always tell where our details are going

After the horse has bolted aka your details sold for rupees in the contact us form reply to your Email with the incident number if your lucky to get it

This email and its attachments are confidential and intended for the exclusive use of the addressee(s). This email and its attachments may also be privileged or protected by legal rules. If you have received this by mistake please let us know by reply immediately and destroy the email and its attachments without reading, copying or forwarding the contents.

Edited by TPCR (Fri 31-May-13 10:22:35)


Register (or login) on our website and you will not see this ad.

  Print Thread

Jump to