A few days after declaring that they’re going on a vacation, the Lapsus$ hacking group has now resurfaced with a new victim. The group hacked software consultancy firm Globant and has released a 70GB torrent containing source code from some of Globant’s customers.
The leaked data contains a large amount of Github source code, along with multiple repositories containing sensitive information such as TLS certificate private keys and chains, Azure keys and API keys for third-party services and over 3000 customer documents, as the group claimed in its Telegram message.
The company has confirmed the breach in a press release published Wednesday, stating that they’ve detected a “limited section” of its code repository being subject to unauthorised access. The company maintains that the information access was limited to certain source-code and project-related documentation for a “very limited number of clients”.
In the News: Ronin Network exploited for 173,600 ETH and 25.5M USDC
Back from the vacation
Before publishing the torrent file, the group posted screenshots of a file directory containing names of supposed Globant clients, including big names like Facebook, Citibank and DHL. Additionally, the group also leaked admin credentials for all of Globant’s DevOps platforms to expose poor security practices at the company.
The links and credentials posted by the group in its Telegram message aren’t active in writing. These links belonged to various platforms used by Globant for developing, reviewing and collaborating on customer code and included Jira, Confluence, GitHub and Crucible links.
The U.K police had arrested seven people over suspected connections to the group on March 24 after reports emerged that a teenager might be behind the hacking and extortion group. Lapsus$ claims that no gang members were arrested and even circulated a message on its Telegram channel claiming people are impersonating “Lapsus$ staff”.
In the News: Ukraine Refugee Crisis: 15 ways to support and get help