Researchers are urging TalkTalk customers to change their passwords in the aftermath of the recent Mirai botnet attack that enslaved their routers. TalkTalk, however, is taking a relaxed view; leaving it to its users to decide whether or not to adopt any security measures. Security advisers are not impressed by the company’s laissez-fair attitude and are urging all ISPs to assume proactive responsibility, to prevent botnet operators from using hijacked routers to ‘endanger the internet ecosystem’.
After suffering a major cyber attack in October 2015 TalkTalk stated that the lost data had not been encrypted, and that they were not legally required to encrypt it. However, the recent vulnerability is just another example of the importance of changing default passwords of any device connected to the internet – a measure widely touted as the only way to ensure minimum security with IoT devices. Caveat emptor.