Singtel ‘old data’ first published on dark web in February 2021: researcher

Data stolen in an attack on Singaporean multinational telecommunications conglomerate Singtel, which the company says was exfiltrated on January 20 last year, has been on the dark web since February 2021 and has been reposted on a clear web forum on October 7, according to a security professional.

Brett Callow, senior security researcher at New Zealand-based Emsisoft, said iTWire that the data was originally posted on the Windows ransomware group’s dark website, Cl0p.

“In February 2021, Cl0p released data that it believed was stolen from Singtel, and it is this data that Singtel believes is now being shared via the forum in question,” he said. [A screenshot he took at the time is below.]

Callow’s statement appears to refute a claim do it Guardian Australia which read: “Singtel has informed those affected, but the posting to the data leak forum is believed to be the first time the data has allegedly been published online.”

Callow said he grabbed a screenshot of data from Cl0p’s site when he first spotted the Singtel data being siphoned off during the Accellion attack.

website clapSingtel has been in the news since Optus, Australia’s second-largest telecom provider owned by the Singaporean company, revealed a massive breach September 22. Initially, it was said that there were nearly 10 million users, past and present, who were affected.

To this was added the appearance data stolen in what a Singtel spokesperson said was an attack via an Accellion file sharing system that was near end of life at the time.

To top it off, on Monday afternoon, Singtel revealed that his Australian IT services company Dialog had been hit by a data breach. iTWire sources claim that this breach was carried out using Agenda ransomware which only works on Windows.

Callow said a more interesting question about the Accellion attack data now emerging was who posted it on the web forum and the motivation behind it.


A screenshot of the post accompanying old Singtel data posted on the web on October 7.

He made no speculation about it, although the normal motive for anyone to post stolen data is to make a quick buck.


Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

Now in its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.

See how we at Thoughtworks are improving technology, together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site and a major newsletter promotion and promotional and editorial news. Plus a video interview of the key speaker on iTWire TV which will be used in promotional posts on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.