Teen hackers who live streamed cyber-attack on TfL jailed

Live-streamed London travel hack ends in jail as commenters argue who really failed

TLDR: Two teens who crippled Transport for London and exposed millions of customer records were jailed after broadcasting the whole thing online. Commenters are split between blaming reckless young hackers, bafflingly weak staff checks, and reporting details they say added nothing but extra controversy.

Two young men who live-streamed a 16-hour attack on Transport for London — the body that runs much of the capital’s buses and trains — have been jailed for five years and six months each, and the internet is having a full-on moral crisis about it. Yes, people are shocked that millions of customer details were stolen and that the mess cost TfL £29 million. But in the comments, the biggest gasp was reserved for the low-tech twist: the pair reportedly got in by talking a help desk worker into resetting a password. For a lot of readers, that was the real horror story.

Some reactions were almost painfully reflective. One commenter admitted that as a teen, life could feel like a game where you push buttons and don’t fully grasp the fallout — a grim reminder that these weren’t criminal masterminds in a movie, but young people making catastrophically stupid choices. Others were annoyed by details in the coverage, especially the mention that both men have autism, with one bluntly asking why it mattered at all. And then came the black humor: one person joked they didn’t have 16 hours to watch the stream of the attack, but still kind of wanted to see it “for the lolz.”

The mood is split between sympathy, fury, and disbelief. Some blame the teens. Some blame weak security. Some just can’t get over the idea that a city-wide digital disaster may have started with one overworked worker trying to be helpful. That, more than anything, is the comment-section plot twist people can’t stop picking at.

Key Points

  • Owen Flowers and Thalha Jubair were each sentenced to five years and six months in prison for the 2024 cyber-attack on Transport for London.
  • The attackers gained access by impersonating a TfL employee and persuading a help desk worker to reset the employee's password.
  • The breach disrupted TfL services for months, affected 148 technology systems, and forced 27,000 employees to reset passwords in person.
  • The article says personal data relating to millions of customers was stolen, with the database potentially containing details of up to 10 million TfL customers.
  • The pair were described as linked to the Scattered Spider cybercrime collective, which has also been connected to attacks on Marks and Spencer and the Co-op.

Hottest takes

"life felt more like a 'game'" — jonathanlydall
"What does this have to do with anything" — d-lowl
"I kinda want to watch it for the lolz" — VladVladikoff
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.