topic TELUS data leak includes stolen source code containing the company's "sim-swap-api". in The Lounge

TELUS data leak includes stolen source code containing the company's "sim-swap-api".

JenniferGoheen — Tue, 28 Feb 2023 22:27:38 GMT

So late last week, there was news report of "TELUS Investigating Leak of Stolen Source Code, Employee Data".

The code leaked includes the company's "sim-swap-api".

Just wondering if the PM admins could share the risk level this may pose to customers, perhaps being vulnerable to a SIM hijack. Thanks, Jennifer.

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

Handy1 — Tue, 28 Feb 2023 22:30:47 GMT

@JenniferGoheen The culprits would need your account number and your SIM card to reply YES to the confirmation text …. So it’s pretty unlikely most of us would be a target of such scams in the first place

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

hTideGnow — Tue, 28 Feb 2023 22:32:15 GMT

Hi @JenniferGoheen

If PM is ready to comment , I think they will send us email, that is how most companies handle this kind of issues

of course, you can try to open ticket with them but I doubt they will share much until the official communication is ready

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

BKNS27 — Tue, 28 Feb 2023 22:46:06 GMT

@JenniferGoheen

It might be related to the potential Telus Union strike in BC.

There is a good chance SIM swapping was done by talking to a Telus operator with customers yelling in their eyes. PM is all done online and the CS_Agent will review all credentials before any changes are done.

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

XionBunny — Tue, 28 Feb 2023 22:52:31 GMT

That is what the OP is referring to, has nothing to do with that union strike.

https://www.bleepingcomputer.com/news/security/telus-investigating-leak-of-stolen-source-code-employee-data/

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

BKNS27 — Tue, 28 Feb 2023 22:56:39 GMT

@XionBunny

I know, it was just a cheeky comment.😉

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

gpixel — Tue, 28 Feb 2023 23:38:33 GMT

@JenniferGoheen

I think the customers who have the most to worry about are customers using their real names on their accounts. as for the source code being stolen it's possible that these intruders are looking for backdoors. however, that is the least of our problems and telus' is most likely downplaying the breach. if one was able to retrieve the source code what else did they get their hands on? these issues are always kept hush hush.

Re: TELUS data leak includes stolen source code containing the company's "sim-swap-api".

HALIMACS — Wed, 01 Mar 2023 00:30:47 GMT

I second your keen observation, @gpixel

Jennifer, putting your real name as part of your community user name just increases the level of potential risk you may expose yourself to on a public forum.

Now, in fact, it may not be your real name and a pseudonym, in which case you’re fine.

Just an observation which seems relevant to your initial posted question.

Would recommend all community usernames have no semblance to one’s actual name.