Telus Digital, the business process outsourcing arm of Canadian telecommunications provider Telus, has confirmed a significant security incident. Threat actors known as ShinyHunters claim to have exfiltrated nearly 1 petabyte of data over several months. The breach reportedly began after the threat actors obtained Google Cloud Platform credentials from data stolen in the Salesloft Drift breach and used them to access Telus systems, including a large BigQuery instance. The stolen data includes customer support information, call records for Telus' consumer division, source code, financial information, and voice recordings. ShinyHunters attempted to extort Telus for $65 million but received no response, which led to the data theft claims.
Reconnaissance
Exploiting Previous Breaches for Intel
likely
The ShinyHunters threat actors leveraged data stolen in the Salesloft Drift breach, specifically looking for Google Cloud Platform credentials. This demonstrates a reliance on information leaked in prior security incidents to initiate new attacks.
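For defenders, the matching check is to search records held by third-party integrations for embedded GCP credentials so they can be revoked before someone else finds them. The following is an added example, not code from the original page or from Telus: it assumes the records are free-text strings (the page does not describe their format) and covers two credential types chosen for illustration, service-account key files and API keys; all function names and sample values are hypothetical and constructed.

```python
import json
import re

# Google API keys: "AIza" followed by 35 URL-safe characters.
API_KEY_RE = re.compile(r"(?<![\w-])AIza[\w-]{35}(?![\w-])", re.ASCII)
DECODER = json.JSONDecoder()

def find_gcp_credentials(record_id, text):
    """Return findings for GCP credentials embedded in one free-text record."""
    findings = []
    pos = text.find("{")
    while pos != -1:
        try:
            obj, end = DECODER.raw_decode(text, pos)
        except json.JSONDecodeError:
            end = pos + 1  # not JSON at this brace; move on to the next one
        else:
            # A pasted service-account key file carries these fields.
            if (isinstance(obj, dict) and obj.get("type") == "service_account"
                    and "private_key" in obj):
                findings.append({"record": record_id, "kind": "service_account_key",
                                 "key_id": obj.get("private_key_id"),
                                 "principal": obj.get("client_email")})
        pos = text.find("{", end)
    for m in API_KEY_RE.finditer(text):
        # Report a prefix only, so the report does not become a second leak.
        findings.append({"record": record_id, "kind": "api_key",
                         "key_id": m.group()[:8] + "...", "principal": None})
    return findings

# Constructed sample records (assumption: exported support-case text).
FAKE_KEY_FILE = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "constructed-key-id-0001",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "etl-reader@example-project.iam.gserviceaccount.com",
})
FAKE_API_KEY = "AIza" + "Ex4mple_" * 4 + "key"
SAMPLE_RECORDS = {
    "case-001": "Customer pasted their key file: " + FAKE_KEY_FILE + " please advise.",
    "case-002": "Widget fails with key=" + FAKE_API_KEY + " on checkout {see screenshot}",
    "case-003": "Password reset request, no attachments.",
}

def scan(records):
    # Flatten per-record findings into one list for triage.
    return [f for rid, text in records.items() for f in find_gcp_credentials(rid, text)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(finding)
```

Each service-account finding carries the key ID and principal, which are the two values needed to delete that key and to filter audit logs for its use.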