- Hacker group ShinyHunters claims it stole nearly 1 petabyte of data from major Canadian business outsourcing firm Telus Digital.
- The breach started with stolen credentials from a separate cyberattack on Salesloft Drift.
- The hackers are demanding that Telus pay them $65 million, or they'll publish the stolen data online.

Recently, Telus Digital (Telus Corporation’s digital services division) announced that it suffered a cyberattack. The company stated that there was unauthorized entry into some of its systems and that it is currently looking into how extensive the breach was.
Infamous hacker group ShinyHunters has claimed responsibility for the attack. They said they stole close to 1 petabyte of data from the company. According to reports, Telus isn't willing to negotiate with the hackers.
How the Telus Breach Happened
This breach reportedly didn't start with Telus. According to ShinyHunters, they first broke into Salesloft Drift, a sales tool that businesses use. The Salesloft breach exposed Salesforce data for 760 companies, including customer support tickets.
This supply chain attack method is a ShinyHunters specialty; they used similar tactics in the Odido breach, where they first compromised third-party systems before moving into the Dutch telecom’s network and demanding a multi-million dollar ransom.
The hackers scanned those tickets for login credentials and found Telus’ Google Cloud platform logins. That’s how they were able to get into many Telus systems, including a BigQuery database.
When they got in, they used a tool called TruffleHog to search for more credentials. That gave them access to more of Telus’ systems, and they kept going deeper and downloading data along the way.
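The defender-side counterpart to the ticket scanning described above is to check support-ticket text for pasted credentials before it is stored in a CRM. The following is an added example, not code from the article or from any company it names; the pattern set is illustrative rather than exhaustive, and the function names and sample tickets are constructed for illustration.

```python
import re

# Credential shapes that commonly get pasted into support tickets.
# Illustrative set (an assumption of this example), not an exhaustive one.
PATTERNS = {
    "gcp_service_account_json": re.compile(r'"type"\s*:\s*"service_account"'),
    "pem_private_key": re.compile(
        r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----.*?(?:-----END [A-Z ]*KEY-----|\Z)",
        re.S),
    "google_api_key": re.compile(
        r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"),
    "google_oauth_token": re.compile(r"\bya29\.[0-9A-Za-z_\-]{20,}"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S+"),
}

# Constructed sample tickets; every value below is fake.
SAMPLE_TICKETS = {
    "T-1001": 'Deploy fails. Key file starts with {"type": "service_account"}',
    "T-1002": "Login broken for bot user, password: Example-Pass-123 please reset",
    "T-1003": "Maps widget returns 403 with key AIza" + "X" * 35 + " since Monday",
    "T-1004": "Customer asks how to export their call history as CSV.",
}

def scan_ticket(text):
    """Return sorted (start, end, kind) tuples for each credential-like span."""
    hits = []
    for kind, rx in PATTERNS.items():
        hits += [(m.start(), m.end(), kind) for m in rx.finditer(text)]
    return sorted(hits)

def redact_ticket(text):
    """Replace each hit with a marker; return (clean_text, kinds_found)."""
    out, pos, kinds = [], 0, []
    for start, end, kind in scan_ticket(text):
        if start < pos:          # overlaps a span that was already redacted
            continue
        out += [text[pos:start], f"[REDACTED:{kind}]"]
        pos = end
        kinds.append(kind)
    out.append(text[pos:])
    return "".join(out), kinds

def triage(tickets):
    """Map ticket id -> credential kinds, for tickets needing redaction."""
    report = {}
    for tid, body in tickets.items():
        _, kinds = redact_ticket(body)
        if kinds:
            report[tid] = kinds
    return report

if __name__ == "__main__":
    for tid, kinds in triage(SAMPLE_TICKETS).items():
        print(tid, kinds, "->", redact_ticket(SAMPLE_TICKETS[tid])[0])
```

Redaction only limits future exposure: any credential the scan finds has already sat in the ticket system and should be rotated.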
What Type of Data Did ShinyHunters Take from Telus Digital?
ShinyHunters claim they stole the data of 28 popular companies, many of which use Telus Digital to handle customer support and call center operations. A single system breach hit many companies at once because Telus Digital is a third-party vendor for other businesses.
These hackers got hold of highly sensitive information, including customer support records, fraud detection data, agent performance ratings, and AI support tool data. In addition, they took content moderation records, FBI background checks, source code, Salesforce data, financial information, and even voice recordings of customer service calls.
It didn't end there; the breach also affected Telus's own consumer phone business. The hackers made off with a range of data, including campaign data, voice recordings, and call records. Analysis of the records shows call times, call durations, phone numbers, and other call quality data.
Telus’s Response to the Breach
In their statement confirming the breach, Telus says all its operations are still up and running normally. They also confirmed the hack didn’t disrupt their customer services.
The company also noted that it has brought in cyber forensics experts to aid the investigation, and said it is working hand in hand with law enforcement to get to the bottom of the incident.
Telus has added new security measures and has notified the customers whose data the breach affected.
Briefly About ShinyHunters and Their Escapades
ShinyHunters is one of the most active hacker groups targeting companies today. The group focuses heavily on Salesforce and other cloud platforms. Some of their past victims include Cisco, Google, and Match Group.
Recently, they have been calling employees on the phone, posing as IT support staff. Also, they create fake sites and send emails with links to those sites to workers, tricking them into entering login credentials and two-factor authentication codes on the fake sites.
ShinyHunters use a technique called device code phishing to steal Microsoft login tokens. Access to one account means access to several other linked platforms, like Slack, Microsoft 365, and Salesforce.
This Telus Digital breach is a stark reminder of how one weak link can cascade into a major breach affecting multiple companies.