«
»

TELUS Has Apparently Been Pwned With Source Code & Employee Data Swiped…. Along With The Threat Of SIM Swap Attacks Surfacing

Bleeping Computer is reporting that Canadian telco TELUS has apparently been pwned by hackers:

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company.

TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

This is a concern for not only TELUS employees, but customers as well for this reason:

The seller further boasts that the stolen source code contains the company’s “sim-swap-api” that will purportedly enable adversaries to carry out SIM swap attacks.

That’s bad as SIM swaps could lead to the take over of any accounts that requires SMS two factor authentication. Social media accounts and bank accounts are two examples of this. Which makes this very bad if this is true. Now TELUS for its part had this to say:

“We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web,” a TELUS spokesperson told BleepingComputer.

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

I have to wonder if that statement will change when the full extent of this breach becomes known. But in the meantime, if you’re an employee of customer of TELUS, it would be wise to be on the lookout for phishing or scam messaging targeting them. And if you’re a TELUS customer, now might be a good time to put a PIN on your account if you don’t already have one.

This entry was posted on February 26, 2023 at 8:25 am and is filed under Commentary with tags , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “TELUS Has Apparently Been Pwned With Source Code & Employee Data Swiped…. Along With The Threat Of SIM Swap Attacks Surfacing”

  1. TELUS Gives The Results Of Its Investigation Into A Cyber Incident Earlier This Year | The IT Nerd Says:
    May 25, 2023 at 1:40 pm

    […] this year, news came out that TELUS might have been the victim of a cyberattack. Here’s what was said to be […]

    Reply

Leave a Reply

%d bloggers like this: