Telus confirmed that it recently discovered a database being sold on the dark web that apparently contained employee contact information as well as other sensitive data.
The comms giant is currently investigating the matter to see how extensive the potential breach was, but preliminary reports suggest no corporate or retail customer data was taken.
However, anyone who buys the database can do serious damage.
SIM swapping API
The company confirmed the news in a statement to The Register: “We are investigating claims that a small amount of data related to internal Telus source code and selected information of Telus team members appeared on the dark web,” said the Telus spokesman Richard Gilhooley.
“We can confirm that so far our investigation, which we launched as soon as we learned of the incident, has not uncovered any corporate or retail customer data.”
So what data was taken? According to the ad posted on BreachForums, the attacker was selling 76,000 unique employee emails, along with “internal information” on employees taken from the company’s API. Only one entity can purchase the database, at a price agreed upon later.
But in another, separate post, the publication found the same threat actor offering the entire email database for $7,000, and a payroll database (counting 770 employees, including high-ranking individuals) at $6,000.
Perhaps more interestingly, the hacker also sold Telus’ entire private source code and GitHub repositories, including the SIM swap API, for $50,000.
This one, experts agree, is especially worrying. Speaking to The Register, Emsisoft threat analyst Brett Callow explained how the buyer could use the data to run dangerous SIM swapping attacks: by transferring the phone number associated with an account to a SIM card they own, attackers can bypass multi-factor authentication and other one-time security codes, gaining access to even the most protected accounts.