Someone on a criminal platform is selling what they claim is data on everyone telus employees, as well as the Canadian telecommunications company’s GitHub software code repository.
in response to a IT World Canada To reporter’s questions about the posting, Telus director of public affairs Richard Gilhooly said the company is investigating the allegations.
“We are investigating claims that a small amount of data relating to internal Telus source code and information from select Telus team members has appeared on the dark web,” he said in an email. “We can confirm that our investigation at this point, which began as soon as we became aware of the incident, has not identified any corporate or retail customer data.”
The first dark web posting was made on February 17 by someone named “Cej”. “We have over 76k unique emails and on top of that have internal information associated with each employee scraped from Telus’ API.”
As proof, this posting appears to have a list of Telus employee email addresses. It is not known if these are current or former employees – or even real.
A February 21 posting said, “We’re bringing you even more from the recent Telus breach!” The poster asks for US$7K for a database file of “every person who works at Telus”; US$6K for a payroll file with 770 records of “all white-collar workers … including the president of Telus”; and US$50K for all allegedly copied data, including a list of Telus private Github repositories, subdomains, and screenshots.
Interested buyers are being asked to connect with one of two people on the Telegram messaging service.
It’s important to note that it’s unclear whether the data being sold is genuine, commented Brett Calo, a British Columbia-based threat analyst for Emsisoft. That said, if this is real, it is a potentially serious incident that exposes Telus employees to an increased risk of phishing and social engineering and, by extension, exposes the company’s customers to risk. The alleged exposure of private Github repositories, including the SIM-swap API, represents an additional level of potentially significant risk.
In 2020, a Telus division called Medicis Health Group was hit by a cyberattack involving customer data. At that time the company said “Safely recovered data by payment.”
