UK's first Cyber Schools Hubs announced

Pupils from Gloucestershire will develop invaluable skills for future careers thanks to their schools forming the UK’s first ‘Cyber Schools Hubs’.

Following a competitive process, the National Cyber Security Centre (NCSC) has selected Cleeve School in Cheltenham and Beaufort Co-operative Academy in Gloucester to deliver the first hub.

During the 12-month pilot, the schools will host events, trial content and develop innovative ways of introducing cyber security, computer science and related subjects to their pupils.

Cleeve School will act as the lead in delivering the exciting initiative and the hub will also engage with other schools across Gloucestershire. Newent Community School will join as another hub in due course.

Chris Ensor, NCSC Deputy Director for Skills and Growth, said:

“As the home of GCHQ, our parent unit, Gloucestershire is the natural place to start this initiative and we’re delighted to have Cleeve and Beaufort schools on board.
“The cyber threat is growing, so making sure young people have the cyber security skills to help protect us has never been more important.
“Supported by NCSC advice and technical expertise, each school that takes part will increase their teaching of cyber security and will promote initiatives to increase gender diversity in computer science.
“This initiative forms part of our efforts to address the current cyber security skills gap. We have to develop a talent pipeline that will meet the UK’s future cyber security needs.”

Participating schools will build educational resources for teachers, while both teachers and students will directly benefit from the NCSC’s support and technical expertise.

Others supporting the initiative include the South West Regional Cyber Crime Unit, the Bank of England, Northrop Grumman and Cyber Security Associates.

Alwyn Richards, Principal at Cleeve School, said:

“We are delighted to be the lead school in the Cyber Schools Hubs initiative. We are very aware of the significant role cyber is playing in our young people’s lives and will continue to do so in the future.
“Our involvement will allow our young people to directly benefit from the expertise utilised and developed, and we look forward to helping improve the development of cyber and computer science skills across the region.”

David Bishop, Principal at Beaufort Academy, said:

“This exciting project represents a fantastic opportunity for the whole community at Beaufort Co-operative Academy.
“Through the spirit of collaboration and partnership with other schools and industry supporters it will inspire the next generation of highly skilled and qualified scientists and engineers.
“This is a genuine chance to be at the forefront of national development in this area and we feel privileged to be a part of it.”

Advice to thwart ‘devastating’ cyber attacks on small charities

The NCSC launches its first cyber security guidance for the charity sector.

  • National Cyber Security Centre publishes cyber threat assessment for charity sector
  • Culture of openness makes small charities more vulnerable to cyber fraud and extortion
  • Charities falling victim to a range of attacks with potentially devastating consequences
  • Accompanying guidance will help protect charities from common types of cyber crime

DEVIOUS tricks to defraud small charities through online attacks have been exposed in the first ever threat assessment for the sector, along with guidance about how to defend against possible risks.

The work by the National Cyber Security Centre (NCSC), a part of GCHQ, will give the sector more help than ever before to defend itself from the most common cyber attacks.

There are almost 200,000 charities registered in the UK and the NCSC’s Cyber Threat Assessment reveals how their valuable funds, supporter details and information on beneficiaries are being targeted.

Alongside the assessment, the NCSC has also published the Small Charity Guide to outline easy and low-cost steps to protect from attacks. It includes expert advice that is particularly useful for small organisations on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.

Alison Whitney, Director for Engagement at the NCSC, said:

“The National Cyber Security Centre is committed to supporting charities and we strongly encourage the sector to implement the advice outlined in our guide.
“Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.
“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets, and reputation.”

Writing in the foreword to the Small Charity Guide, NCSC CEO Ciaran Martin said:

“I am extremely proud to present this cyber security guide for charities, who are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity.
“The National Cyber Security Centre aims to make the UK the safest place to live and work online.
“We are committed to supporting the charity sector and we encourage you all to implement the quick and easy steps outlined in this guide.”

The report finds that cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example listed details how a UK charity lost £13,000 after its CEO’s emails were hacked to send a fraudulent message instructing their financial manager to release the funds.

The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission.

Charities have also been encouraged to join the NCSC’s free Cyber Information Sharing Platform (CiSP) to exchange threat information in a secure and confidential environment.

The assessment and report have been well received by the sector, with heads of influential bodies praising the NCSC’s work.

Helen Stephenson, Chief Executive of the Charity Commission for England and Wales, said:

“Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework - unfortunately charities are not immune to fraud and cyber crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.
“We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”

Pauline Broomhead CBE – CEO, Foundation for Social Improvement, said:

“This guide will give leaders in smaller charities confidence that they are taking the necessary steps to protect their charity. It is an excellent guide and we intend to make sure our members are fully aware of the valuable information it contains.”

Sir Stuart Etherington – CEO, National Council of Voluntary Organisations (NCVO), said:

“Awareness and knowledge about cyber security continue to differ among charities, but it is important that all charities protect the data they hold from cyber crime. That is why this guide for charities is so welcome - it will help trustees and those working in charities understand what the threats are, and what steps they need to take to minimise the risk of a cyber attack.”

Mandy Johnson, CEO of the Small Charities Coalition, said:

“The Small Charities Coalition welcomes this initiative by the National Cyber Security Centre. As a Coalition we are proactively encouraging small charities to make more use of digital technology, so the timing of this guidance is especially helpful.”

The UK Government is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.

The Cyber Aware Perceptions Gap Report has also been published today, demonstrating common misconceptions that are preventing people from protecting their online security.

You can see the NCSC’s Cyber Threat Assessment here, the Small Charity Guide here and the Cyber Aware Perceptions Gap Report here.

Notes to editors

If you believe that you or your charity has been the victim of online fraud, scams or extortion, you should report this through the Action Fraud website. Action Fraud is the UK’s national fraud and cyber crime reporting centre. You should also report it as a serious incident to the Charity Commission via RSI@charitycommission.gsi.gov.uk.

The NCSC Small Charity Guide

  1. Backing up your data
  2. Protecting your organisation from malware
  3. Keeping your smartphones (and tablets) safe
  4. Using passwords to protect your data
  5. Avoiding phishing attacks

Who might target the charity sector, and why?

Cyber criminals

  • Cyber criminals are primarily motivated by financial gain. They may seek to directly steal funds held by charities used for running costs or to supply grants and enable frontline activity.
  • They may seek to capitalise indirectly through fraud, extortion or data theft. Datasets containing personal details and financial information are an attractive target and are sold in online criminal forums to enable fraudulent activity using those details.
  • Ransomware and extortion techniques are often central to cyber crime malware campaigns, typically deceiving end users into clicking on malware-infected links in (often plausible and well-crafted) phishing emails or visiting compromised websites. Attackers may steal and threaten to release data unless a payment is made (or another demand is met).

Hacktivists

  • Hacktivist is a term used to describe hackers motivated by a specific cause, for example to further political or personal agendas or in reaction to events or actions they perceive as unjust.
  • Hacktivists have successfully used DDoS attacks to disrupt websites, or have exploited weak security to access and deface them.
  • The NCSC considers that the charity sector is not a priority target for hacktivists, but even a limited website takedown or defacement could have financial, operational or reputational implications.

Insiders

  • An insider is someone who exploits, or intends to exploit, their legitimate access to an organisation’s assets for unauthorised purposes.

  • Insiders can pass on credentials to attackers (they may have been recruited by other actors, such as criminals or states; role responsibilities are often available online through social networking sites) or conduct activities such as stealing data.
  • Insiders may include disgruntled current or former staff who have left an organisation but retained access to their former employers’ computer systems.

Nation states

  • Threat actors associated with nation states employ cyber capabilities to further their own national agenda and prosperity.
  • Some charities operate through local partner organisations in the UK or overseas. Others play a role in helping formulate and deliver UK domestic and foreign policy.
  • The NCSC assesses this makes them potentially attractive targets for state actors who oppose or mistrust their activity.

Terrorist use of cyber

  • For terrorist groups such as Daesh (ISIS), Al Qaeda and affiliates, website defacement and ‘doxing’ (publishing the personal details of victims online) are cyber methods most likely to be used. On most occasions, the data released through doxing is already publicly available. 

Indirect attacks: suppliers and third parties

  • Threats may not come from direct attacks on charities. It is common, especially for smaller charities, to outsource the responsibilities for running, maintaining and securing their IT and data to specialist support companies.
  • Charities may also share data with external organisations such as marketing companies. Cyber criminals and other groups may be able to gain access to charities’ networks and/or information through these companies.
  • Threat actors may be able to access UK-based charity systems through linked branches or projects in other countries where the security culture may be less stringent than in the UK.

NCSC outlines evolving cyber threat during Edinburgh visit

NCSC experts have shared threat intelligence with Scottish counterparts during a visit to Edinburgh.

Experts from the UK Government’s lead cyber security authority shared threat intelligence with counterparts in Scotland during a visit to Edinburgh today (Wednesday, 28 February).

Delegates from GCHQ’s National Cyber Security Centre (NCSC) met senior Scottish Government ministers and executives, as well as industry representatives, to discuss keeping Scotland and the rest of the UK protected from online attacks.

The visit saw the NCSC outline its assessment of the current cyber threat and its likely evolution, the role for government and organisations in addressing the threat, and areas for better joint working.

Speaking after the visit, Ciaran Martin, NCSC Chief Executive, said:

“The National Cyber Security Centre continues to work ever closer with the Scottish Government.

“We welcome Scotland’s commitment to improving its cyber security, underpinned by our world-leading technical expertise, and the steps being taken to strengthen public and private sector organisations through the Scottish Government’s cyber resilience action plans are hugely encouraging.”

The NCSC team also toured Zonefox, an award-winning Scottish cyber security company, and met industry representatives to discuss the country’s cyber industry and how NCSC can continue to support Scottish organisations.

Earlier, Ciaran Martin kicked off the visit with a keynote speech on evolving cyber threats at the Public Sector Cyber Security 2018 Scotland conference.

This was followed by a series of discussions on the NCSC’s role, priorities and work in Scotland with senior Scottish Government ministers and members of the Scottish Resilience Partnership and Scottish Government Executive Team.

The UK Government is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. As part of this, the NCSC recently held its first CyberFirst Adventurers course – aimed at encouraging 11 to 14-year-olds to take up computer science – in Stirling.

A five-year UK National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9billion of transformational investment.

The NCSC provides a single, central body for cyber security at a UK level and aims to make the UK the safest place to live and work online. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice.

Incidents will still happen, and when they do the NCSC website offers advice and information, including support 24 hours a day, 7 days a week, 365 days a year for incidents that need that level of engagement.

Source: www.ncsc.gov.uk

Russian military ‘almost certainly’ responsible for destructive 2017 cyber attack

An assessment by the National Cyber Security Centre has found that the Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack of June 2017.

The UK Government has made the judgement that the Russian government was responsible for the attack, which particularly affected Ukraine’s financial, energy and government institutions. Its indiscriminate design caused it to spread further, affecting other European and Russian businesses.

The destructive attack masqueraded as ransomware, but its purpose was principally to disrupt. Several indicators seen by the NCSC demonstrated a high level of planning, research and technical capability.

The decision to publicly attribute this incident reiterates the position of the UK and its allies that malicious cyber activity will not be tolerated.

Foreign Office Minister of State with responsibility for Cyber, Lord (Tariq) Ahmad of Wimbledon, said:

“The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.
“The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.
“The Kremlin has positioned Russia in direct opposition to the West: it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it.
“The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.
“We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace.”

The NotPetya attack saw a malicious data encryption tool inserted into a legitimate piece of software used by most of Ukraine’s financial and government institutions.

Once an organisation’s machine was infected, the highly crafted tool was designed to spread rapidly, in some cases overriding the Master Boot Record (MBR) on infected computers and displaying a ransom note asking for payment in Bitcoins. The malware spread via trusted networks, rather than widely over the internet. Therefore, it effectively bypassed the processes put in place to prevent ransomware attacks.

The ransom note instructed victims to make payments to a single Bitcoin wallet with confirmation that they had paid. However, flaws in the payment process quickly became apparent as the ransom note did not display a ‘personal identification ID’ which would enable the attacker to know whose data to decrypt and the payment collection infrastructure was quickly taken down by the attacker’s email provider.

The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive than as ransomware.

NotPetya used the EternalBlue and EternalRomance exploits, which the Shadowbrokers group released in early 2017. Microsoft issued a patch for both exploits.

Source: www.ncsc.gov.uk

UK’s top tech brains share knowledge of Cyber Threat

First CyberThreat Summit brings together cyber security practitioners from both public and private sectors to help combat the growing challenge of online security.

  • First CyberThreat Summit being held in London 27-28 February 2018
  • Pioneering event will bring together Europe’s skilled technical practitioners for talks, workshops and knowledge sharing
  • Conference aims to create a world-leading community of collaborating cyber experts

The UK's first CyberThreat 2018 conference is being held today, 27 February, in London, bringing together cyber security practitioners from the public and private sector to understand how to combat the growing challenge of online security.

Hosted jointly by the National Cyber Security Centre (NCSC) and the SANS Institute, the 2-day event is focused on the truly technical side of cyber defence and incident response.

The specialists attending will hear a range of talks, from world-renowned industry practitioners to rising industry stars. In between sessions, delegates will be taking on a series of interactive exercises designed to test their cyber mettle, such as Hackathons, challenge booths and a two-day Capture The Flag competition.

CyberThreat 2018 aims to help foster a world-leading cyber security community in the UK, encouraging the sharing of bleeding edge techniques, case studies from the real world and new tools. Further emphasis is being placed on cooperation between private and public sectors, as is demonstrated through the partnership between the NCSC and the SANS Institute.

Paul Chichester, Director for Operations at the NCSC, said:

“CyberThreat 2018 is part of delivering on the NCSC’s commitment to encourage collaboration between the public and private sector.
“Our aim is to foster a vibrant UK cyber security technical community that shares its knowledge of the threats we face and best practice techniques that help us understand it.
“This community of defenders will share knowledge, expertise and best practices to understand and ultimately reduce the harm to the UK, making it the safest place to live and work online.”

James Lyne, Head of Research and Development at the SANS Institute, said:

“CyberThreat18 aligns perfectly with the SANS mission to help drive greater education and understanding of how to tackle the cyber threats that face us all on the Internet today. We have been very pleased to work with the NCSC to create the agenda and bring experts and practitioners together for these two days.
"The Summit promises to be rich in real-world experience, blending insights from keynote speakers and experts with emerging talent, and sharing experience and new insights into how to tackle new and emerging cyber threats."

Due to the advanced level of the material on offer, delegates are expected to have deep technical knowledge.

Hard Drives That Have Had Virus or Malware Attacks

At R3 we have jobs sent to us ranging from mechanical failures and degraded drives to drives which have been formatted and/or re-installed and overwritten. However, there can be occasions where we get sent a drive that has had some form of attack, whether it is a drive that has been afflicted with a virus or a drive that has had a malware attack. We have even had a server sent to us which was infected with a virus and also had a malware attack (ransomware).

When handling a ransomware case or any case where there is a potential threat for a virus to affect our machines/network we must follow a strict procedure so there is no way of the virus infecting our network infrastructure.

Ensuring clones of the data transfer machine we are going to use have been done and the machine is disconnected in every way from the network is just one of the precautions we take.

Virus scan with Malwarebytes and ESET

After the drive has been recovered/cloned by the engineers, multiple virus scans are run on the image drive so that, if there are any threats on the drive, we are able to remove them before we begin the data transfer procedure. If we skipped this stage and began to copy the data without a virus scan, we would more than likely copy the virus over to the new drive and the customer would be no better off.

All this is done so that we know 100% that, if there was a threat, it would not affect our internal systems, and that the data we are copying for the customer is 100% free of any virus and any potential threats to the machines that they use.

WannaCry Ransomware Attack - How To Recover Your Encrypted Files

During the recent publicity over the WannaCry ransomware attack I was in communication with a number of NHS clients who were asking how many enquiries we were getting.

The reality is the WannaCry ransomware attack was relatively insignificant other than the publicity it attracted and its interference with some services. This is not to downplay its impact but to put it into perspective: this attack was smaller in ransom value and ransoms paid, and bigger in publicity, possibly due to the state of the nation with regard to politics / manifestos / budgets and propaganda.

In terms of monetary value the ransoms were low. In terms of disruption to services, it was not the Windows XP systems that were compromised; it was the Win 7 and Server 2003 systems.


As a news item I was shocked at the publicity and panic-mongering, which seemed more politically motivated, but I could be wrong. My observation is based on similar outbreaks in 2016 which knocked out entire cities and local authorities but were not publicised to the same extent.

We help the recovery process with ransomware decryption by first imaging drives sector by sector so that there is a second chance of recovery if anything goes wrong.

Don't forget that encryption / decryption and malware / antivirus scanning can add extra risk of a storage device failing.

Get advice and assistance from Andy and the team at R3. R3 Data Recovery is a real lab that deals with real disasters each and every day. If you have any sort of problem with a hard drive or any data storage device, we are the people to contact. Call us today on 0800 999 3282 for immediate help and assistance.

R3 are ICO registered and have been vetted by Hiscox Insurance for Cyberbreach and data disaster recovery claims assistance.

R3 is one of the few real data recovery labs in the UK and recognised by National Trading Standards forensics and NHS Trust Infrastructure managers as their data recovery rescue supplier.

R3 Data Recovery Ltd has imaging capacity onsite or in lab.

The lab can process imaging of up to 300TB per 24hrs in emergency situations.

We also can image factory / production computer system drives during shutdown periods to help with extending the life of SCADA / bespoke computer operating systems that are not networked or backed up.

R3 processed more successful recoveries of flood-damaged (submerged in effluent / flood water) drives in 2016 than any other British-based data recovery lab.

R3 Data Recovery Ltd processes large-scale IBM, HP, Dell, EMC, QNAP, Synology, RAID / SAN, VMware, Hyper-V and Drobo BeyondRAID recoveries in Sheffield that our nearest competitors cannot undertake in the UK.


This Killer USB Drive Will Fry Your Laptop

Do you know that the USB devices we carry each day can be converted into a bomb? You must be thinking “yeah, whatever.”

No, it’s true, a researcher just showed how a USB can be converted into a killer USB that can kill your whole PC within seconds.

This is not the first time such a USB has been demonstrated, though. In March, the same researcher showed that a USB can cause harm to vital components of a system if plugged in. But this time around the USB he demonstrated was significantly more powerful and was named “Dark Purple”.

The USB has been developed with a DC/DC converter, caps and FET. On plugging, the DC/DC converter charges the USB to -220V in the new version (in the old version it was -110V). This voltage is applied to the signal lines of the USB interface.

The process repeats itself until all the components of the PC are destroyed.

What’s more troubling about version 2.0 is that the reaction rate is much higher than in the earlier version, which allows it to destroy the whole system within a few seconds.

During the demonstration, the researcher lost his new laptop. This is what he said after the demonstration:

“Do not worry about the laptop, the new motherboard is on the way – and the laptop will live again.” He bought a new laptop (Lenovo Thinkpad X60) specifically for this experiment, according to the researcher’s blog post.

This is not the first time a USB has been used as a weapon. USB drives have been used many times for compromising systems in air-gapped networks.

The Stuxnet worm is the best example in the recent past of a USB drive being used as a weapon. Stuxnet was designed to destroy centrifuges at a nuclear facility.

So, our advice would be to be very careful while using anyone’s USB (better still, do not use anyone’s USB in your system), as one wrong step on your side can put all your data at risk.

If you need any type of USB or memory stick recovery, please don’t hesitate to contact us on 0800 999 3282 for a free no obligation quote!

52% of small businesses do nothing to stop cybercrime

According to a study looking at small businesses around the UK, even with awareness of cybercrime on the rise, a sizeable proportion of the UK’s small businesses are doing nothing whatsoever to avoid falling victim to a data breach.

A new study from CSID, published on July 8th, showed that more than half (52 per cent) of the UK’s small businesses “are not taking any preventative measures to protect themselves against cybercrime”.

Furthermore, the company found that 85 per cent of small businesses have no plans to increase their spending on data security in the future, leaving their risk of data loss unmitigated.

To illustrate the severity of the threat, CSID set up an online presence for a fictitious business called Jomoco and had two fabricated employees accidentally leak sensitive data.

It took hackers just one hour to exploit this information and lock the employees out of their email and social media accounts, as well as deface the Jomoco website.

“Understanding and educating employees about the security threats associated with establishing and running a business should be the first step in mitigating (cyber) risk,” said Andy Thomas, managing director of the company’s European division, in response to the findings.

Complex data recovery requires expertise. Speak to the data recovery industry pioneers at Kroll Ontrack for free advice to investigate options to recover from any data loss type, system or cause.

We can support and advise you on any type of complex data recovery for your business, plus our advice is free. Please don’t hesitate to contact us on 0800 999 3282 for a free no obligation quote.

11-year-old girl sets up business selling secure passwords

Sixth-grader Mira Modi has started her own business making cryptographically secure passwords using a system called Diceware.

Weak passwords are still the plague of the cybersecurity industry, with the most popular passwords of 2014 including “123456”, “password” and “qwerty”, making it easy for hackers to break into accounts and steal data. Now an 11-year-old girl from New York is offering a solution.

Sixth-grader Mira Modi has started her own business making cryptographically secure passwords and selling them for $2 a pop. She generates the passwords using a system called Diceware to create strings of words that are easy to remember but difficult to crack.

The system involves rolling a die to generate random numbers, which are matched to a list of short words from the Diceware dictionary. Those words are then combined into a nonsensical string, such as: alger klm curry blond puck horse.

These six-word passphrases contain a lot of “entropy”, or randomness, which means that it would take a powerful computer a very long time to correctly guess them. They are also easier to memorise than strings of individual characters.
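The Diceware procedure and its entropy figure can be worked through in code. This is an added example, not part of the original article or Modi's own method; it assumes the standard Diceware convention of five rolls per word (a 7,776-entry list), uses a constructed placeholder word list in place of a real one, and the attacker guess rate passed to `years_to_search_half` is a hypothetical figure.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                  # standard Diceware: five rolls pick one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 distinct five-roll sequences

# Constructed stand-in for a real Diceware word list (7776 placeholder tokens).
CONSTRUCTED_WORDS = [f"w{i:04d}" for i in range(LIST_SIZE)]


def build_wordlist(words):
    """Map every roll key '11111'..'66666' to exactly one word."""
    words = list(words)
    if len(words) != LIST_SIZE or len(set(words)) != LIST_SIZE:
        # A short or duplicated list silently lowers the entropy per word.
        raise ValueError(f"need exactly {LIST_SIZE} distinct words")
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return dict(zip(keys, words))


def roll_die():
    """One fair roll from the OS CSPRNG; randbelow() has no modulo bias."""
    return secrets.randbelow(6) + 1


def make_passphrase(wordlist, n_words=6, roll=roll_die):
    """Return (passphrase, roll_keys). `roll` can be replaced by physical dice input."""
    keys = []
    for _ in range(n_words):
        faces = [roll() for _ in range(DICE_PER_WORD)]
        if any(f not in range(1, 7) for f in faces):
            raise ValueError("die faces must be 1..6")
        keys.append("".join(map(str, faces)))
    return " ".join(wordlist[k] for k in keys), keys


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy when the attacker knows the list and the method, but not the rolls."""
    return n_words * math.log2(list_size)


def years_to_search_half(n_words, guesses_per_second):
    """Expected time to hit the passphrase: half the keyspace at the given rate."""
    seconds = (LIST_SIZE ** n_words) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    wl = build_wordlist(CONSTRUCTED_WORDS)
    phrase, keys = make_passphrase(wl)
    print("rolls:     ", " ".join(keys))
    print("passphrase:", phrase)
    print(f"entropy:    {entropy_bits(6):.1f} bits for six words")
    # Hypothetical attacker rate of 10^12 guesses per second.
    print(f"search:     ~{years_to_search_half(6, 1e12):,.0f} years on average")
```

The entropy comes entirely from the rolls, so it only holds when the words are selected at random rather than chosen by the user.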

Miss Modi is the daughter of ProPublica journalist Julia Angwin, author of Dragnet Nation. As part of her research for the book, Angwin employed her daughter to generate Diceware passphrases, and Modi had the idea to turn it into a small business, according to Ars Technica.

“I started this business because my mom was too lazy to roll dice so many times, so she paid me to roll dice and make passwords for her. Then I realized that other people wanted them, too,” wrote Miss Modi on her website.

“I personally find that my Diceware passwords are surprisingly easy to remember. However, I only use a few Diceware passwords for important accounts. I use a password manager, 1Password, to create and store passwords for my less-important accounts.”

Diceware generated password, sent by US Postal Mail.

She added that once her customers receive their hand-written passphrases in the post, they should make some small changes such as capitalising letters or adding symbols such as exclamation marks, to ensure they are truly unique.

The risk of using weak passwords has come to light in recent months, after hackers gained access to the entire database of Ashley Madison, a dating website for people who want to have affairs, and posted the names of all 37m users on the internet.

The most common passwords for the site were “123456”, “12345”, “password” and “default”. Other notable passwords included “ashley”, “ashleymadison” and “696969”.

However, even strong passwords are no guarantee against data breach. TalkTalk customers are being urged to change their passwords, and any passwords that are the same as their TalkTalk password, following last week’s cyber attack.