Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters
Summary
Telus Digital has acknowledged unauthorised access to a limited number of its systems and says it is investigating and securing its environment. External reports claim the crime gang ShinyHunters may have exfiltrated roughly one petabyte of data after obtaining valid Google Cloud Platform credentials — reportedly tied to the earlier Salesloft breach. Telus indicates it has taken immediate steps and is actively managing and monitoring the situation.
The article also compiles related infosec news: Citrix’s CISO urging customers to apply patches urgently; Starbucks staff credentials harvested via spoofed HR portals affecting 889 partners; Kevin Mandia launching Armadin to red-team AI-driven ‘hyperattacks’; Loblaw reporting a low-level customer-data breach; and allegations of large Social Security data theft tied to a former DOGE engineer.
Key Points
- Telus Digital confirmed unauthorised access and is investigating while securing affected systems.
- Reports suggest ShinyHunters exfiltrated about 1 petabyte of data after gaining valid GCP credentials — possibly linked to the Salesloft incident.
- Credential theft and reuse across cloud and third-party services remain critical attack vectors that can cascade into massive breaches.
- Vendors and CISOs (e.g. Citrix) are urging customers to patch immediately, enable MFA and audit logging, and verify that they are running supported product versions.
- The roundup highlights a broader trend: phishing and supply-chain attacks, credential theft targeting employee portals, and the rise of AI-focused offensive tools.
Context and relevance
This is a major example of supply-chain and cloud risk: stolen cloud credentials can let attackers access large volumes of data across customers and partners. Organisations that outsource services or rely on shared cloud infrastructure should view this as a reminder to enforce least privilege, rotate and scope credentials, enable MFA, keep systems patched, and monitor for anomalous access. The incident ties into ongoing trends — credential harvesting, phishing of HR/partner portals and the emergence of AI-enabled offensive capabilities — all of which raise the bar on detection and response.
Author style
Punchy: This one matters. A purported petabyte-scale leak via stolen cloud credentials is the kind of breach that’ll keep CISOs awake. If you’re responsible for cloud security, identity or third-party risk, the details here deserve your attention now.
Why should I read this?
Look — if you run cloud services, manage suppliers, or worry about leaked credentials, this is a proper wake-up call. It shows how a breach at one vendor can cascade into massive data loss through credential reuse. Quick wins: rotate keys, enforce MFA, patch urgently and crank up logging and detection. Do those things now.
