Lapsus$ hackers are "back from vacation" as Globant hit

Hacker
(Image credit: Shutterstock)

The Lapsus$ hacking group appears to have struck again, with the latest victim is Globant - a software development company from Luxembourg. 

The group has said it is "back from vacation", and posted a 70GB torrent file on its Telegram channel, claiming the dump contains Globant’s customer source code, among other items.

The company’s customers include Google, LinkedIn, EA, and Coca-Cola, among others. EA has had its endpoints breached last year, by one member of Lapsus$, but at the moment, it’s impossible to know if the two breaches have anything in common. Lapsus$ has also published a screenshot of a folder, showcasing a number of alleged Globant customers - Facebook, Citibank, C-Span. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

"Very sensitive information"

Besides source codes, the group also published a list of company passwords which these firms used to access source code sharing platforms such as GitHub, Jira, Crucible, or Confluence. 

The leak also contains multiple repositories with “very sensitive information” - including TLS certificate private keys and chains, Azure keys and API keys for third-party services, 7,000 candidate resumes, more than 150 databases and a “large number” of private keys for various services, researchers confirmed.

In a statement given to TechCrunch, Globant confirmed being breached, saying it detected a “limited section” of its company code repository being subject to unauthorized access. An investigation is currently ongoing, it added.

Some cybersecurity researchers seem to think the dump is legitimate. Commenting on the breach for the same publication, SOS Intelligence CEO, Amir Hadzipasic, said “the leak is legitimate and very significant, as far as Globant and Globant impacted customers are concerned.”

Lapsus$ has become one of the most notorious names over the first few months of 2022, having reportedly breached a number of major tech companies, including Nvidia, Samsung, LG, Microsoft, and Okta.

Law enforcement agencies seem to believe the group is run by a teenager living in the UK with his mother, and some alleged Lapsus$ members were recently arrested by police in the country.

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.