A cyber attack has left tens of thousands of Post Office and Talk Talk broadband customers without internet this week.
The assault, which uses the same malicious software that took some of world’s most popular websites offline in October, has been ongoing since Sunday and intermittently affected the customers’ ability to connect to the internet, the companies said.
The Post Office said around 100,000 of its customers had been affected since Sunday. Talk Talk meanwhile did not say how many of its broadband subscribers were hit, but confirmed that a minority were affected on Thursday. Both companies are working on a fix.
As well as Talk Talk and the Post Office the attack hit Hull’s internet provider Kcom, and left 900,000 of Germany’s Deutsche Telekom customers unable to connect to the internet earlier this week.
The internet outages British broadband users that have certain types of routers that are distributed by Talk Talk, the Post Office and Kcom. These include the Zyxel AMG302, which 100,000 Post Office customers use, and the D-Link DSL-3780, used by a small percentage of The Talk Talk customers.
Customers from both Talk Talk and the Post Office complained the companies had done little to inform them of the problems. A Post Office customer said they had been without internet for four days. “It’s still hit and miss!” they said. “Where’s the compensation for loss of internet? No one can answer that at the Post Office.”
Meanwhile a Talk Talk customer said they had to resort to using their phone’s internet after their internet didn’t work for hours on Thursday. “Hour 6 of no internet in the house and I have resorted to my phone’s data to keep musket connected,” they said. “It’s a dark time for Talk Talk customers.”
It is not known who is responsible for the attack, but it is similar in kind to that against the Dyn domain name server, which resulted in dozens of websites including Twitter, Reddit and eBay being taken offline for hours in October. Cyber criminals exploited vulnerabilities in internet connected cameras and video recorders to take control of them and launch a distributed denial of service attack.
No personal data is compromised in such attacks, which affect the infrastructure of websites and computer servers.
“We would like to reassure customers that no personal data or devices have been compromised,” said a spokesman for the Post Office. “We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers.
“For those customers who are still having problems, we are advising them to reboot their router.”
Talk Talk said it had added emergency security measures to help protect its customers and that it was working with other internet service providers to “review the potential impacts” of the malicious software.
Kcom, which also uses the Zyxel AMG302, said: “The vast majority of our customers are now able to connect to and use their broadband service as usual.
“Our core network was not affected at any time and we have put in place measures to block future attacks from impacting our customers’ routers and their ability to access the internet.”