Canada’s second-largest telecom, TELUS is investigating a possible knowledge breach after a menace actor shared samples on-line of what seems to be worker knowledge. The menace actor subsequently posted screenshots that apparently present non-public supply code repositories and payroll information held by the corporate.

TELUS has to date not discovered proof of company or retail buyer knowledge being stolen and continues to watch the potential incident.

Personal supply code and worker knowledge up on the market

On February 17, a menace actor put up what they declare to be TELUS’ worker listing (comprising names and e-mail addresses) on the market on a knowledge breach discussion board.

“TELUS employes [sic] from a really latest breach. Now we have over 76K distinctive emails and on high of this, we have now inside data related to every worker scraped from Telus’ API,” states the discussion board publish.

Whereas BleepingComputer has been unable to substantiate the veracity of menace actor’s claims simply but, the small pattern set posted by the vendor does have legitimate names and e-mail addresses akin to present-day TELUS staff, notably software program builders and technical employees.

By Tuesday, February 21, the identical menace actor had created one other discussion board publish—this time providing to promote TELUS’ non-public GitHub repositories, supply code, in addition to the corporate’s payroll information.

“Within the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Supply Code, Testing Apps, Staging/Prod/testing  and extra!” states the vendor’s newest publish.

The vendor additional boasts that the stolen supply code comprises the corporate’s “sim-swap-api” that can purportedly allow adversaries to hold out SIM swap assaults.

Though the menace actor has labeled this a “FULL breach” and guarantees to promote “every little thing related to Telus,” it’s too early to conclude that an incident certainly occurred at TELUS or to rule out a third-party vendor breach.

“We’re investigating claims {that a} small quantity of knowledge associated to inside TELUS supply code and choose TELUS staff members’ data has appeared on the darkish internet,” a TELUS spokesperson advised BleepingComputer.

“We will affirm that up to now our investigation, which we launched as quickly as we have been made conscious of the incident, has not recognized any company or retail buyer knowledge.”

BleepingComputer continues to watch the event and offer you updates on the state of affairs.

TELUS staff and clients, within the meantime, ought to look out for any phishing or rip-off messaging focusing on them and chorus from entertaining such e-mail, textual content, or phone communications.

h/t Dominic Alvieri