TELUS investigating leak of stolen source code, employee data

cellphone tower

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company.

TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

Private source code and employee data up for sale

On February 17, a threat actor put up what they claim to be TELUS’ employee list (comprising names and email addresses) for sale on a data breach forum.

“TELUS employes [sic] from a very recent breach. We have over 76K unique emails and on top of this, we have internal information associated with each employee scraped from Telus’ API,” states the forum post.

While BleepingComputer has been unable to confirm the veracity of threat actor’s claims just yet, the small sample set posted by the seller does have valid names and email addresses corresponding to present-day TELUS employees, particularly software developers and technical staff.

By Tuesday, February 21, the same threat actor had created another forum post—this time offering to sell TELUS’ private GitHub repositories, source code, as well as the company’s payroll records.

Forum post with TELUS sample data setSecond forum post with  the alleged TELUS data and source code (BleepingComputer)

“In the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Source Code, Testing Apps, Staging/Prod/testing  and more!” states the seller’s latest post.

The seller further boasts that the stolen source code contains the company’s “sim-swap-api” that will purportedly enable adversaries to carry out SIM swap attacks.

Although the threat actor has labeled this a “FULL breach” and promises to sell “everything associated with Telus,” it is too early to conclude that an incident indeed occurred at TELUS or to rule out a third-party vendor breach.

“We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web,” a TELUS spokesperson told BleepingComputer.

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

BleepingComputer continues to monitor the development and provide you with updates on the situation.

TELUS employees and customers, in the meantime, should look out for any phishing or scam messaging targeting them and refrain from entertaining such email, text, or telephone communications.

h/t Dominic Alvieri


  • br0mel1ad Photo br0mel1ad – 3 days ago

    China is a major threat to Canada. This needs to stop

  • Shplad Photo Shplad – 2 days ago

    This could be China. It could also be Russia, Iran or North Korea. They’re all partners now.

  • Malwarebytes Anti-Malware Logo

    Malwarebytes Anti-Malware

    Version: 4.5.23 4M+ Downloads

  • AdwCleaner Logo


    Version: 56M+ Downloads

  • Windows Repair (All In One) Logo

    Windows Repair (All In One)

    Version: 4.13.1 2M+ Downloads

  • Everything Desktop Search Logo

    Everything Desktop Search

    Version: 22,279 Downloads

  • Zemana AntiLogger Free Logo

    Zemana AntiLogger Free

    Version: 53,006 Downloads


Related posts

City of Oakland declares state of emergency after ransomware attack

Sarah Henriquez

DuckDuckGo now blocks Google sign-in pop-ups on all sites

Sarah Henriquez

Google nukes 50,000 accounts pushing Chinese disinformation

Sarah Henriquez

Leave a Comment