Canadian communications giant Telus is investigating whether crooks have stolen employee data and its source code, all of which is being offered for sale on a criminal forum.

“We’re investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” Telus spokesperson Richard Gilhooley told The Register. “We can confirm that thus far our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

A miscreant who goes by “Seize” claims to have exfiltrated the Telus data, and is offering it for sale on BreachForums, according to screenshots shared with The Register.

In one post, the criminal offers 76,000 unique employee emails plus “internal information” linked to these employees scraped from Telus’ API. The price on this dataset is listed as “negotiable,” and it will only be sold to one person.

In another post, Seize offers an email database for $7,000 that includes every Telus employee’s email, a payroll database for $6,000 with 770 staff records, including the Telus president’s information, and finally, all of Telus’ private source code and GitHub repositories including the SIM swap API, for $50,000.

It is “important to note that, at this point, we do not know whether the data is legit,” Emsisoft threat analyst Brett Callow told The Register.

“From the perspective of Telus’ customers, probably the biggest concern is what could be done with the repos — the SIM swap API, for instance,” he added.

A criminal could potentially use this code to transfer the victim’s phone number to an attacker-controlled device, allowing the interception of one-time security codes to hijack the victim’s other online accounts. Previously this has necessitated fooling or bribing telco staff, but with open code for sale some scumbag could steal with more ease.

In 2020, another Telus-owned company, Medisys Health Group, was the victim of a ransomware attack during which crooks stole personal information belonging to about 60,000 clients.

That incident hit about 5 percent of the company’s customers, and included names, contact information, provincial health numbers, and test results. Financial information and social insurance numbers weren’t stolen in the attack, the company said at the time.

And just last month another carrier, T-Mobile US, admitted a data breach in which someone abused an API to obtain personal information belonging to 37 million subscribers. This was the network operator’s sixth security snafu in 5 years. ®

 

