Some Koodo customers are receiving emails from the carrier notifying them of a recent security incident.
According to the email, an unauthorized third-party was able to access Koodo’s systems on February 13th using compromised credentials. Further, the third-party copied data from August and September 2017 that included some customers’ account numbers and telephone numbers.
The Telus flanker brand said in the email that it’s “possible that the information exposed has changed since 2017, in which case [users’] current information is not compromised.”
Further, Telus offered the following statement to MobileSyrup about the incident:
“Our investigation has determined that some archived customer data from 2017 has been accessed by an unauthorized user. We are proactively reaching out to impacted customers and offering them enhanced security safeguards such as telephone port protection. As soon as we discovered the incident, we took immediate steps to protect our customers and are continuing to monitor the dark web. Additionally, we have notified law enforcement and the Office of the Privacy Commissioner, and will continue our own internal investigation.”
In response to the breach, Koodo says it “acted quickly to prevent further unauthorized access.” The carrier also notes that some customers could be at risk of unauthorized number porting. In other words, a fraudster could use the compromised information to gain control of a customer’s phone number by moving it to another carrier, allowing the fraudster to receive that customer’s calls and texts.
Koodo says that it applied ‘port protection’ on all vulnerable accounts, which requires a customer to call the carrier before they can port the number. Finally, Koodo notes that customers can call in to remove port protection if they so choose.
Because of this, Koodo recommends customers don’t use their phone number for security services such as two-factor authentication (2FA). Further, Koodo advises customers who have 2FA set up with an affected phone number to use an alternate security feature as a third-party that obtained compromised account details could potentially use it to intercept 2FA codes and gain access to accounts secured in this way.
Additionally, a post on Koodo’s community forum notes that the carrier is still investigating the breach and directs customers with security concerns to call the carrier at 1-866-995-6636.
MobileSyrup has reached out to Telus about how many customers were affected by the breach and will update this story when we learn more.