TalkTalk and Post Office routers hit by cyber-attack

  • Published
TalkTalk's DSL-3780 router is affectedImage source, TalkTalk
Image caption,
TalkTalk's DSL-3780 router is affected

Thousands of TalkTalk and Post Office customers have had their internet access cut by an attack targeting certain types of internet routers.

A spokeswoman for the Post Office told the BBC that the problem began on Sunday and had affected about 100,000 of its customers.

Talk Talk also confirmed that some of its customers had been affected, and it was working on a fix.

It is not yet known who is responsible for the attack.

Earlier in the week, Germany's Deutsche Telekom revealed that up to 900,000 of its customers had lost their internet connection as a result of the attack.

Image source, Getty Images
Image caption,
The Post Office provides a broadband service that runs off the back of TalkTalk's service

It involves the use of a modified form of the Mirai worm - a type of malware that is spread via hijacked computers, which causes damage to equipment powered by Linux-based operating systems.

Mirai was also involved in an earlier attack that caused several of the world's leading websites to become inaccessible, including Spotify, Twitter and Reddit.

Several models of router are vulnerable to the latest cyber-assault, including the Zyxel AMG1302, which is used by the Post Office.

"We would like to reassure customers that no personal data or devices have been compromised," said the Post Office's spokeswoman.

"We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers.

"For those customers who are still having problems, we are advising them to reboot their router."

Doing so causes the machine to make use of updated software.

Image source, Zyxel
Image caption,
Zyxel's AMG1302 router fell victim to the Mirai worm

The same router is also used by Kcom, an internet service provider (ISP) based in Hull, whose customers have also been affected.

"The vast majority of our customers are now able to connect to and use their broadband service as usual," the firm said in a statement.

"Our core network was not affected at any time and we have put in place measures to block future attacks from impacting our customers' routers and their ability to access the internet."

Attack widens

TalkTalk also confirmed that its D-Link DSL-3780 routers were affected but said only a small percentage of its customers used them.

"Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm," a spokeswoman said in a statement.

"We have deployed additional network-level controls to further protect our customers."

Security researchers had previously suggested that the routers were vulnerable to the Mirai malware.

One expert warned there could be worse to come.

"The next step for attackers could be to hack into other home devices once they gain access to the router, like web cams, smart TVs, or thermostats," said Pavel Sramek from the cybersecurity firm Avast.

Related Internet Links

The BBC is not responsible for the content of external sites.