Telus has confirmed that it recently discovered a database being sold on the dark web that apparently contains employee contact details and other sensitive data.
The communications giant is currently investigating the matter to see how big the potential breach is, but preliminary reports suggest no data from business or private customers has been captured.
Still, whoever buys the database can do serious damage.
API for switching SIM cards
The company confirmed the news in a statement to The Register: “We are investigating allegations that a small amount of data related to internal Telus source code and certain information from Telus team members has appeared on the dark web,” said Telus spokesperson Richard Gilhooley.
“We can confirm that our investigation, which we started as soon as we became aware of the incident, has so far not revealed any corporate or private customer data.”
So what data was taken? According to the ad posted on BreachForums, the attacker is selling 76,000 unique employee emails and “inside information” about the employees extracted from the company’s API. The database is offered to a single buyer, at a price to be agreed.
However, in a separate post, the publication found the same threat actor offering the entire email database for $7,000, and a payroll database (covering 770 staff members, including senior employees) for $6,000.
Perhaps more interestingly, the hacker is also selling Telus’ entire private source code and GitHub repositories, including the SIM swap API, for $50,000.
The source code sale is the most concerning item. Speaking to The Register, Emsisoft threat analyst Brett Callow explained how a buyer could use it to launch SIM swapping attacks: by transferring the phone number associated with an account to a SIM card in their possession, attackers receive any SMS-delivered multi-factor authentication and other one-time security codes sent to that number, letting them take over accounts that rely on the phone number as a second factor, however strong the password.
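To make the mechanism concrete, here is an added toy model of the attack Callow describes and of one common mitigation. It is constructed for this page and is not Telus code, not the leaked API, and not modelled on any real carrier's interface: the `Carrier`, `Service`, phone numbers, ICCIDs and timestamps are all made up. The point it shows is that SMS codes are routed by phone number, not by device, so once the number maps to the attacker's SIM the "second factor" arrives at the attacker; and that a service which refuses to send SMS codes for a number whose SIM changed within a recent window (here 72 hours, an assumed policy) forces the attacker into a stronger step-up while still letting the real subscriber log in.

```python
"""Toy SIM-swap model: why SMS-based MFA fails after a swap, and a
'recent SIM change' check as mitigation.

Constructed example. Not Telus code, not a real carrier API;
all identifiers, numbers and timestamps are made up.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional
import hmac
import secrets


@dataclass
class Carrier:
    # phone number -> ICCID (SIM identifier) currently serving that number
    routing: Dict[str, str] = field(default_factory=dict)
    # phone number -> time the serving SIM last changed
    last_sim_change: Dict[str, datetime] = field(default_factory=dict)
    # ICCID -> SMS messages delivered to that SIM
    inbox: Dict[str, List[str]] = field(default_factory=dict)

    def provision(self, number: str, iccid: str, when: datetime) -> None:
        self.routing[number] = iccid
        self.last_sim_change[number] = when
        self.inbox.setdefault(iccid, [])

    def sim_swap(self, number: str, new_iccid: str, when: datetime) -> None:
        # What a SIM-swap capability does: re-point the subscriber's
        # number at a SIM the caller holds. Nothing about the account
        # on the online service changes.
        self.provision(number, new_iccid, when)

    def send_sms(self, number: str, text: str) -> None:
        # SMS is delivered by number, so it lands on whichever SIM the
        # number currently maps to: the attacker's, after a swap.
        self.inbox[self.routing[number]].append(text)

    def sim_changed_within(self, number: str, now: datetime, window: timedelta) -> bool:
        return now - self.last_sim_change[number] < window


@dataclass
class Service:
    carrier: Carrier
    users: Dict[str, str]                      # username -> phone number on file
    swap_window: Optional[timedelta] = None    # None = no SIM-change check
    pending: Dict[str, str] = field(default_factory=dict)

    def start_login(self, username: str, now: datetime) -> str:
        number = self.users[username]
        # Mitigation (assumed policy): if the SIM behind this number
        # changed recently, do not trust SMS; require a stronger factor.
        if self.swap_window and self.carrier.sim_changed_within(number, now, self.swap_window):
            return "STEP_UP_REQUIRED"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = code
        self.carrier.send_sms(number, f"Your code is {code}")
        return "SMS_SENT"

    def finish_login(self, username: str, code: str) -> bool:
        expected = self.pending.pop(username, None)
        return expected is not None and hmac.compare_digest(expected, code)


def read_last_code(carrier: Carrier, iccid: str) -> str:
    # Whoever holds the SIM reads the code off the last message.
    return carrier.inbox[iccid][-1].rsplit(" ", 1)[1]


def run_scenario(check_window: Optional[timedelta], attacker_swaps: bool = True) -> str:
    """Returns STEP_UP_REQUIRED, LOGIN_FAILED, or LOGGED_IN:<iccid that got the code>."""
    t0 = datetime(2023, 2, 20, 9, 0)          # made-up timeline
    carrier = Carrier()
    carrier.provision("+15550000001", "ICCID-VICTIM", t0 - timedelta(days=400))
    svc = Service(carrier, {"alice": "+15550000001"}, check_window)

    reader = "ICCID-VICTIM"
    if attacker_swaps:
        carrier.sim_swap("+15550000001", "ICCID-ATTACKER", t0)
        reader = "ICCID-ATTACKER"

    status = svc.start_login("alice", t0 + timedelta(hours=1))
    if status != "SMS_SENT":
        return status
    code = read_last_code(carrier, reader)
    return f"LOGGED_IN:{reader}" if svc.finish_login("alice", code) else "LOGIN_FAILED"


if __name__ == "__main__":
    print("no check, swapped:  ", run_scenario(None))
    print("72h check, swapped: ", run_scenario(timedelta(hours=72)))
    print("72h check, no swap: ", run_scenario(timedelta(hours=72), attacker_swaps=False))
```

With no check, the attacker who swapped the SIM receives the code and the login succeeds from their SIM; with the 72-hour window the same attempt is pushed to a step-up factor, while the legitimate subscriber, whose SIM has not changed, still gets an SMS. In practice the "recent SIM change" signal has to come from the carrier rather than from the service's own records, and SMS should be treated as the weakest second factor regardless.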