News in brief: fowl play; Google moves into Cuba; teen hacker sentenced

Your daily round-up of some of the other security stories in the news

Fowl play as KFC warns of hack

More than 1m members of Kentucky Fried Chicken’s Colonel’s Club in the UK (no, we didn’t know KFC had such a club, either) have been warned to reset their passwords by the fast food giant.

The company said that the loyalty club, where hungry chicken fans can collect rewards, had been targeted and that while only “a small number of accounts” had been directly targeted, it warned the 1.2m members of the finger-licking scheme to reset their passwords.

KFC also reiterated the good advice not to re-use passwords across a number of different services. While we’re at it, now is a good time to take another look at our video guide on how to pick a strong password.

Google to place servers on Cuba

Google has signed a deal with Cuba to locate servers on the island, which means its services could be accessed faster by Cuban internet users. Google data has until now had to be routed via Venezuela to Cuba, which  has a notoriously poor and restricted internet service.

The move won’t however improve general internet access for ordinary Cuban users, who are forbidden by law to have internet connections at home and who are charged the equivalent of a month’s salary for 10 hours’ access via slow public Wi-Fi hotspots.

This is a step along the road to further detente between the isolated Communist island nation and its huge neighbour to the north, and the latest in a series of deals building on the warmer relations initiated by President Obama.

Teenage hacker sentenced

The 17-year-old behind the TalkTalk data breach in October last year has been sentenced to a 12-month youth rehabilitation order. The boy, who can’t be named, also had his iPhone and hard drive confiscated by Norwich Youth Court, where he had admitted to seven offences connected to the breach.

The youth told the court during the hearing that he had carried out the attack to show off his IT skills, saying: “I was just showing off to my mates.” He used a SQL injection to expose the vulnerability in TalkTalk’s website; subsequently nearly 157,000 customers had their records stolen.

Meanwhile, in a separate hearing in London, 19-year-old Daniel Kelley from Llanelli, Carmarthenshire, pleaded guilty at the Old Bailey to attacking TalkTalk’s systems to get customer data and to demanding a payment of 465 bitcoins.

Kelley also pleaded guilty to further charges including blackmail, fraud and money laundering, and was bailed until his sentencing, due in March. The judge told him to expect a prison sentence.

TalkTalk said that the “significant and sustained” attack had cost it more than £42m – and it was subsquently fined £400,000 ($507,000) by regulators.

Elizabeth Denham, the information commissioner, said as she announced the fine in October: ““TalkTalk’s failure to implement the most basic cybersecurity measures allowed hackers to penetrate TalkTalk’s systems with ease … TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

Catch up with all of today’s stories on Naked Security


i