The Lapsus$ hacking group appears to have struck again, with the latest victim is Globant - a software development company from Luxembourg.
The group has said it is "back from vacation", and posted a 70GB torrent file on its Telegram channel, claiming the dump contains Globant’s customer source code, among other items.
The company’s customers include Google, LinkedIn, EA, and Coca-Cola, among others. EA has had its endpoints (opens in new tab) breached last year, by one member of Lapsus$, but at the moment, it’s impossible to know if the two breaches have anything in common. Lapsus$ has also published a screenshot of a folder, showcasing a number of alleged Globant customers - Facebook, Citibank, C-Span.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
"Very sensitive information"
Besides source codes, the group also published a list of company passwords which these firms used to access source code sharing platforms such as GitHub, Jira, Crucible, or Confluence.
The leak also contains multiple repositories with “very sensitive information” - including TLS certificate private keys and chains, Azure keys and API keys for third-party services, 7,000 candidate resumes, more than 150 databases and a “large number” of private keys (opens in new tab) for various services, researchers confirmed.
In a statement given to TechCrunch, Globant confirmed being breached, saying it detected a “limited section” of its company code repository being subject to unauthorized access. An investigation is currently ongoing, it added.
> There's been another development in the Lapsus$ saga (opens in new tab)
> This British teenager is apparently the mastermind behind Lapsus$ (opens in new tab)
> Everything we know about Lapsus$ and Okta so far (opens in new tab)
Some cybersecurity researchers seem to think the dump is legitimate. Commenting on the breach for the same publication, SOS Intelligence CEO, Amir Hadzipasic, said “the leak is legitimate and very significant, as far as Globant and Globant impacted customers are concerned.”
Lapsus$ has become one of the most notorious names over the first few months of 2022, having reportedly breached a number of major tech companies, including Nvidia, Samsung, LG, Microsoft, and Okta.
Law enforcement agencies seem to believe the group is run by a teenager living in the UK with his mother, and some alleged Lapsus$ members were recently arrested by police in the country.
- You can keep your premises safe from hackers with some of the best firewalls out there (opens in new tab)
Via: TechCrunch (opens in new tab)