Canada’s second-largest telecom, TELUS is investigating a possible knowledge breach after a menace actor shared samples on-line of what seems to be worker knowledge. The menace actor subsequently posted screenshots that apparently present personal supply code repositories and payroll information held by the corporate.
TELUS has to date not discovered proof of company or retail buyer knowledge being stolen and continues to observe the potential incident.
Personal supply code and worker knowledge up on the market
On February 17, a menace actor put up what they declare to be TELUS’ worker checklist (comprising names and e-mail addresses) on the market on a knowledge breach discussion board.
“TELUS employes [sic] from a really current breach. We have now over 76K distinctive emails and on high of this, we now have inside info related to every worker scraped from Telus’ API,” states the discussion board put up.
Whereas BleepingComputer has been unable to verify the veracity of menace actor’s claims simply but, the small pattern set posted by the vendor does have legitimate names and e-mail addresses comparable to present-day TELUS workers, significantly software program builders and technical workers.
By Tuesday, February 21, the identical menace actor had created one other discussion board put up—this time providing to promote TELUS’ personal GitHub repositories, supply code, in addition to the corporate’s payroll information.
“Within the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Supply Code, Testing Apps, Staging/Prod/testing and extra!” states the vendor’s newest put up.
The vendor additional boasts that the stolen supply code incorporates the corporate’s “sim-swap-api” that may purportedly allow adversaries to hold out SIM swap assaults.
Though the menace actor has labeled this a “FULL breach” and guarantees to promote “the whole lot related to Telus,” it’s too early to conclude that an incident certainly occurred at TELUS or to rule out a third-party vendor breach.
“We’re investigating claims {that a} small quantity of information associated to inside TELUS supply code and choose TELUS staff members’ info has appeared on the darkish internet,” a TELUS spokesperson advised BleepingComputer.
“We will verify that thus far our investigation, which we launched as quickly as we had been made conscious of the incident, has not recognized any company or retail buyer knowledge.”
BleepingComputer continues to observe the event and give you updates on the state of affairs.
TELUS workers and prospects, within the meantime, ought to look out for any phishing or rip-off messaging focusing on them and chorus from entertaining such e-mail, textual content, or phone communications.
h/t Dominic Alvieri
