A threat actor has posted images that disclose TELUS’ payroll details and source code repositories. TELUS is the second most prominent company in the telecom industry. After the threat actor leaked the details, TELUS started investigating the data breach.

After investigating the incident, TELUS found no evidence of stolen retailer or corporate data and has continued to monitor the incident.


Threat Actor Puts Employee Info and Source Code Up for Sale

On 17th Feb 2023, a threat actor posted images on a forum containing the names and email addresses of company employees, offering the data for sale after performing a data breach.

There were around 76,000 emails, and internal employee information was scraped from the TELUS’ API, the company stated in an advisory post.

So far, the investigation has not been able to establish what actually happened in the data breach. The images posted by the threat actor contained accurate data about TELUS employees, especially the technology and software development staff.

The same threat actor shared the disclosed information in another post on 21st Feb, this time offering the company’s GitHub repositories, source code, and payroll records.

According to the seller’s most recent post, “In the repositories are the backbone, frontend, middleware [information], AWS keys, Google auth keys, Source Code, Testing Apps, Staging/Prod/testing, and more!”

The seller also bragged that the stolen source code included the company’s “sim-swap-API,” which is supposed to allow adversaries to conduct SIM swap attacks.

Although the threat actor calls this a “FULL breach” and states that they will sell “everything connected with Telus,” it is still too early to say whether the incident happened at TELUS itself or whether a breach occurred at a third-party vendor.

A TELUS spokesperson stated, “We are investigating allegations that a small amount of data linked to internal source code and select TELUS team members’ information has surfaced on the dark web.”

The company is keeping an eye on the situation and said it would keep employees updated.

In the interim, TELUS workers and clients are advised to be on the lookout for any phishing or scam messages directed at them and to ignore such email, SMS, or mobile phone communications.