Saturday, June 15, 2024

Hacker Claim Telecom Provider Data Including Source Code, Employee Data Stolen

Telus, a Canadian national telecommunications company is looking into whether employees’ data as well as the source code for the system were stolen and then sold on a dark web marketplace.

Subsequently, the threat actor published screenshots that appear to depict the company’s payroll data and private source code repositories.

“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” Richard Gilhooley, director of public affairs at Telus said in an email. 

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

Source Code, Employee Data Stolen

A threat actor offered what they claimed to be TELUS’ employee list (including names and email addresses) for sale on a data breach forum on February 17.

“Today we’re selling email lists of Telus employees from a very recent breach. We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API”, the forum post says.

The post provides what looks to be a list of email addresses for Telus employees as proof. “It isn’t known if these are the current or former staff — or even real”.

Later on Tuesday, February 21, the same threat actor published a new forum post with an offer to sell TELUS’ private GitHub repositories, source code, and payroll data.

“In the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Source Code, Testing Apps, Staging/Prod/testing, and more!” says the seller’s latest post.

Forum post with TELUS sample data set
The claimed TELUS data and source code are posted in a second forum post

The seller also stated that the company’s “sim-swap-api,” which is supposed to allow attackers to conduct SIM swap attacks, was included in the stolen source code.

Despite the malicious attacker calling this a “Full breach” and stating that they will sell “anything related to Telus,” it is still too soon to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

“It’s important to note that it’s not clear whether the data being sold is real”, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. 

“If it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers to risk”. 

“The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”

Network Security Checklist – Download Free E-Book

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles