Ethical Hacking News
Canadian business process outsourcing giant Telus Digital has confirmed that it suffered a massive security breach at the hands of notorious threat actor group ShinyHunters. The breach resulted in the theft of nearly 1 petabyte of sensitive data, including customer information, source code, and voice recordings. Telus Digital has stated that all business operations remain fully operational, but the incident highlights the growing threat posed by ShinyHunters and the importance of robust cybersecurity measures.
Telus Digital suffered a massive security breach at the hands of ShinyHunters in February, resulting in the theft of nearly 1 petabyte of sensitive data. The breach targeted Telus Digital's digital services arm, including customer support and call center outsourcing operations. The attackers used stolen Google Cloud Platform credentials to access numerous company systems and download further data. The breach resulted in the theft of source code, FBI background checks, financial information, Salesforce data, and voice recordings of support calls. Telus Digital has stated that all business operations remain fully operational, but the incident highlights the growing threat posed by ShinyHunters. The breach underscores the importance of robust cybersecurity measures in protecting sensitive customer information.
In a shocking revelation, Canadian business process outsourcing giant Telus Digital has confirmed that it suffered a massive security breach at the hands of notorious threat actor group ShinyHunters. The breach, which is believed to have occurred in February, resulted in the theft of nearly 1 petabyte of sensitive data, including customer information, source code, and voice recordings.
According to sources close to the investigation, Telus Digital's digital services arm was targeted by ShinyHunters, who claimed to have stolen a wide range of customer data related to the company's BPO operations. This includes customer support and call center outsourcing, agent performance ratings, AI-powered customer support tools, fraud detection and prevention, and content moderation solutions.
The breach was carried out using Google Cloud Platform credentials discovered in data stolen during the Salesloft Drift breach. ShinyHunters claims to have used these credentials to access numerous company systems, including a large BigQuery instance. After downloading this data, they used the cybersecurity tool trufflehog to search within it for additional credentials that allowed them to pivot into other Telus systems and download further data.
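The pivot described above depends on credentials sitting in plain text inside warehouse data. The following added example, which is not from the original article and is not TruffleHog, sketches how a defender could sweep exported text columns for embedded secrets before they leak. The row layout, the ticket_id field and every sample value are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample rows standing in for text columns exported from a data warehouse.
SAMPLE_ROWS = [
    {"ticket_id": 1, "body": "Customer asked about invoice 4471."},
    {"ticket_id": 2, "body": 'Pasting our key: {"type": "service_account", '
        '"private_key": "-----BEGIN PRIVATE KEY-----\\nMIIEXAMPLE\\n-----END PRIVATE KEY-----\\n", '
        '"client_email": "svc@example-project.iam.gserviceaccount.com"}'},
    {"ticket_id": 3, "body": "api_token=9fQ2xL7vRk3TzB8mWc1YhN6pDs4JgUe0 please rotate"},
    {"ticket_id": 4, "body": "password reset completed for user"},
]

# Structural markers of key material (PEM header, service account key JSON and email).
RULES = {
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "gcp_service_account_json": re.compile(r'"type"\s*:\s*"service_account"'),
    "gcp_service_account_email": re.compile(r"[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com"),
}
# Generic "name = value" assignments; the value is kept only if it looks random.
ASSIGNED = re.compile(r"(?i)(?:api[_-]?key|token|secret|password)\s*[=:]\s*[\"']?([A-Za-z0-9_\-+/=]{20,})")


def shannon_entropy(s):
    """Bits per character; random tokens score high, repeated characters score near 0."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan_rows(rows, min_entropy=3.5):
    """Return (ticket_id, column, rule) findings. The secret itself is never copied out."""
    findings = []
    for row in rows:
        for column, value in row.items():
            if not isinstance(value, str):
                continue
            hits = {name for name, rx in RULES.items() if rx.search(value)}
            if any(shannon_entropy(m.group(1)) >= min_entropy for m in ASSIGNED.finditer(value)):
                hits.add("high_entropy_assignment")
            findings.extend((row["ticket_id"], column, rule) for rule in sorted(hits))
    return findings


if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Any finding should be treated as an exposed credential: rotate it at the issuer, then remove or mask the stored copy.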
The threat actors also allegedly stole source code, FBI background checks, financial information, Salesforce data, and voice recordings of support calls for various companies. The breach reportedly impacts Telus' telecommunication services, including its consumer fixed-line business. The stolen data for these services allegedly includes detailed call records, voice recordings, and campaign data.
A source told BleepingComputer that ShinyHunters were extorting the company, but Telus was not engaging with the threat actors. After learning that Telus was not negotiating with ShinyHunters, BleepingComputer contacted the threat actors with questions about the breach.
The names of 28 well-known companies allegedly impacted by the breach have been shared by ShinyHunters, although BleepingComputer will not disclose their identities until further confirmation can be made. Telus Digital has stated that all business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services.
As part of its response to the breach, Telus Digital has engaged leading cyber forensics experts to support its investigation, and it is working with law enforcement to identify the source of the attack. The company has also implemented additional security measures to further safeguard its systems and environment.
The incident highlights the growing threat posed by ShinyHunters, a group that has been responsible for numerous high-profile breaches in recent months. The group primarily focuses on stealing data from Salesforce and other cloud SaaS environments, and it has used various tactics to breach enterprise services, including voice phishing (vishing) attacks targeting Okta, Microsoft, and Google single sign-on (SSO) accounts.
The breach also underscores the importance of robust cybersecurity measures in protecting sensitive customer information. Telus Digital's failure to respond to ShinyHunters' initial extortion demands has raised questions about its cybersecurity posture and whether it was adequately prepared to deal with a breach of this scale.
As the investigation into the breach continues, BleepingComputer will provide updates on the situation and shed light on the tactics used by ShinyHunters. In the meantime, Telus Digital customers are advised to remain vigilant and monitor their accounts for any suspicious activity.
Related Information:
https://www.ethicalhackingnews.com/articles/Telus-Digital-Breach-A-Cybersecurity-Nightmare-Unfolds-ehn.shtml
https://www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/
https://www.darkreading.com/cyberattacks-data-breaches/canadian-telecom-firm-telus-reportedly-investigating-breach
https://en.wikipedia.org/wiki/ShinyHunters
https://www.independent.co.uk/tech/google-data-breach-shinyhunters-cyber-attack-b2821097.html
Published: Thu Mar 12 10:11:37 2026 by llama3.2 3B Q4_K_M