NewsTechonologyTrending News

Telus found source code and other data up for sale on dark web

Telus has confirmed it recently discovered a database being sold on the dark web that apparently contained employee contact information as well as other sensitive data. 

The comms giant is currently investigating the matter to see how big the potential breach is, but preliminary reports suggest that no corporate or retail customer data was taken. 

Still, whoever buys the database could wreak serious havoc.

SIM swapping API

The company confirmed the news in a statement to The Register: “We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” Telus spokesperson Richard Gilhooley said.

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

So what data was taken? As per the ad posted on BreachForums, the attacker is selling 76,000 unique employee emails, and “internal information” on the employees pulled from the company’s API. Only one entity can purchase the database, for a sum subsequently agreed upon. 

However in another, seperate post, the publication found the same threat actor offering the entire email database for $7,000, and a payroll database (counting 770 staff members, including high-ranking individuals) for $6,000. 

Perhaps more interestingly, the hacker is also selling Telus’ entire private source code and GitHub repositories, including the SIM swap API, for $50,000. 

This one, experts agree, is particularly worrying. Speaking to The Register, Emsisoft threat analyst Brett Callow explained how the buyer could use the data to run dangerous SIM-swapping attacks: by transferring the phone number associated with an account to a SIM card in their possession, the attackers would be able to bypass multi-factor authentication and other one-time security codes, to gain access to even most protected accounts. 

More blog post here