Telus Investigates Claims of Data Breach with Source Code, Employee Info Up for Sale

Telus may have suffered a major data breach that resulted in the theft of employee data and proprietary source code, according to a report from BleepingComputer.

On February 17, someone on the dark web put what they claimed to be a Telus employee list up for sale. The list supposedly contained the names and email addresses of more than 76,000 employees.

“TELUS employes [sic] from a very recent breach. We have over 76K unique emails and on top of this, we have internal information associated with each employee scraped from Telus’ API,” the forum post read.

The post was accompanied by a small sample of employee data that appeared to check out, containing legitimate names and email addresses belonging to current Telus employees.

On Tuesday, February 21, the same account made another forum post — this time selling Telus’ private GitHub repositories, source code, and payroll records, in addition to the previous email database.

“In the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Source Code, Testing Apps, Staging/Prod/testing and more!” the account said in its latest post.

According to the forum post, the GitHub repositories also include Telus’ private “sim-swap-api,” which bad actors could presumably use for sim-swapping attacks against Telus customers.

Canada’s second-largest telecommunications operator is investigating the claims of a breach and, so far, has assured that no corporate or retail customer data was stolen.

“We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web,” a spokesperson for the company said in a statement to BleepingComputer.

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.

If you’re a Telus employee (or even a customer), it would be best to err on the side of caution and be on the lookout for phishing attempts and other scams, just in case your data was part of the leak.

Earlier this week, Telus announced a new collaboration with Amazon Web Services (AWS) to create a smart living solution for home automation.

P.S. - Like our news? Support the site: become a Patreon subscriber. Or shop with our Amazon link, or buy us a coffee! We use affiliate links when possible--thanks for supporting independent media.