Introduction
Telus is a Canadian telecommunications company that services over 13M customers with everything from home security systems to wireless phone plans.
At the end of February, they began looking into suspicions that important insider data had been leaked on the Dark Web.
Unfortunately, this is only the latest in a series of breaches against telecom providers around the world. It’s not just Canadians who have to be ready for more attacks on the industry. From Optus to T-Mobile, these breaches against our critical infrastructure seem to be gaining traction at an alarming pace.
What do you need to know about protecting your private data, in the event that YOUR telecom services are compromised?
What Info Was Leaked
Hackers appear to have leaked bits of the service’s source code, as well as information on many (if not all, as the perpetrator claims) of the employees. Although the breach purportedly left customers’ information untouched, the threat actors claim to have stolen sensitive payroll info, email addresses and more from the company.
Then they put it up for sale for $7K.
It didn’t stop there. They also requested $50K for a database that they claim contains a cache of Telus repositories from GitHub (an open-source software development website).
Meanwhile, the stolen source code is rumored to contain an Application Programming Interface (API) that would let the threat actors then carry out a SIM swapping attack. That would essentially let them spy on your messages and try to break into accounts that are locked by multi-factor authentication. When you get an SMS code sent to your phone, they can see that one-time password and can get into private accounts like your bank.
Are SIM swapping attacks on the rise? Google Fi, an MVNO (mobile virtual network operator) service, recently fell victim to a phishing attack that led to SIM swapping against its customers. In general, telecommunication companies are facing more and more cyber-attacks from threat actors who have found them to be lucrative targets. SIM swapping allows thieves to compromise private messages, and it is their workaround for our increased reliance on MFA and on our phones as our secondary verification.
Conclusion
This breach on Telus is only the latest in a string of attacks on telecom companies all over the world. Major companies, since they have access to millions of people’s private data, are becoming a very popular target for cybercriminals who want to go after a lot of information at once. Things become even dicier when the theft spirals into ransomware and potentially affects so many millions of consumers.
How can you protect your private data? Keep as much as possible private! If you don’t need to include it in your accounts, don’t put it in. Turn off data tracking whenever possible, too. If you receive a notification that your data was even potentially exposed, whether through your telecom provider or any other service, change your log-ins and monitor your activity for any suspicious behavior moving forward!