TalkTalk hack was a SQL injection

The latest news from the BBC and their technical editor Rory Cellan-Jones:

Analysis: Rory Cellan-Jones, BBC technology editor

The company first indicated that the “sustained” attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic.

That did not seem to explain the loss of data, and later TalkTalk indicated that there had also been what is known as an SQL injection.

This is a technique where hackers gain access to a database by entering instructions in a web form. It is a well known type of attack and there are relatively simple ways of defending against it.

Many security analysts were stunned by the idea that any major company could still be vulnerable to SQL injection. (My highlight)

Read the whole article here
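
The weakness and the "relatively simple" defence described in the quoted analysis, shown side by side as an added example that is not part of the original post or the BBC article. The table, account numbers and form inputs are constructed for illustration and say nothing about how TalkTalk's systems were built.

```python
import sqlite3

# Constructed sample data; the schema and names are hypothetical.
ROWS = [("alice@example.test", "ACC-1001"),
        ("bob@example.test", "ACC-1002"),
        ("o'brien@example.test", "ACC-1003")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, account TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return db

def lookup_concatenated(db, email):
    # Vulnerable: the form value becomes part of the SQL text itself.
    sql = "SELECT account FROM customers WHERE email = '" + email + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_parameterized(db, email):
    # Hardened: the value is bound to a placeholder and never parsed as SQL.
    sql = "SELECT account FROM customers WHERE email = ?"
    return [r[0] for r in db.execute(sql, (email,))]

def run(lookup, email):
    # Return the accounts found, or the error class name if the query broke.
    db = make_db()
    try:
        return lookup(db, email)
    except sqlite3.Error as exc:
        return type(exc).__name__
    finally:
        db.close()

# Constructed form inputs.
ORDINARY = "alice@example.test"
APOSTROPHE = "o'brien@example.test"                # legitimate, contains a quote
LOGIC_CHANGING = "nobody@example.test' OR '1'='1"  # rewrites the WHERE clause

if __name__ == "__main__":
    for label, value in [("ordinary", ORDINARY), ("apostrophe", APOSTROPHE),
                         ("logic-changing", LOGIC_CHANGING)]:
        print(label, run(lookup_concatenated, value),
              run(lookup_parameterized, value))
```

With the concatenated query, the third input returns every customer's account and the legitimate address containing an apostrophe breaks the statement; with the bound parameter, both are treated as plain values.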