Telus confirmed that it had recently discovered a database being sold on the dark web that apparently contained employee contact information as well as other sensitive data.
The communications giant is currently investigating the matter to see how big the potential breach is, but initial reports suggest no corporate or retail customer data was taken.
Still, whoever buys the database can wreak serious havoc.
SIM swap API
The company confirmed this information in a statement addressed to The Register. “We are investigating reports that a small amount of data related to internal Telus source code and information from select members of the Telus team has surfaced on the dark web,” said Telus spokesman Richard Gilhooley.
“We can confirm that to date our investigation, which we launched as soon as we became aware of the incident, has not identified any corporate or retail customer data.”
So what data was downloaded? According to an ad posted on BreachForums, the attacker is selling 76,000 unique employee emails and “inside information” about employees fetched from a company API. The database is offered to a single buyer only, at a price to be agreed later.
However, in another, separate post, the publication found the same cybercriminal offering an entire email database for $7,000 and a payroll database (covering 770 employees, including senior executives) for $6,000.
Perhaps more interestingly, the hacker is also selling all private Telus source code and GitHub repositories, including the SIM swap API, for $50,000.
This one, according to experts, is particularly disturbing. Speaking to The Register, Emsisoft threat analyst Brett Callow explained how a buyer could use the data to launch dangerous SIM swapping attacks: by transferring the phone number associated with a victim's account to a SIM card under their control, attackers would be able to bypass multi-factor authentication and other one-time security codes sent by SMS, gaining access to even the most protected accounts.