Just days after police in the U.K. arrested seven people over suspected connections to the now-infamous hacking and extortion group, Lapsus$ is claiming its latest victim.
Lapsus$, whose recent victims include Okta, Microsoft, Nvidia, and Samsung, now claims to have breached Globant, a Luxembourg-based software development consultancy. After declaring itself “back from vacation” on Wednesday, the group published a 70-gigabyte torrent file on its Telegram channel with data allegedly stolen from the company, which the hackers claim includes its corporate customers’ source code.
Globant confirmed to TechCrunch that it has “detected that a limited section of our company’s code repository has been subject to unauthorized access” and is investigating.
The hackers also published a list of company credentials for accessing its source code-sharing platforms, including GitHub, Jira, Crucible, and Confluence. Malware research group VX-Underground tweeted a redacted screenshot of the hackers’ Telegram post, which shows what the group claims are Globant’s passwords. If confirmed, those passwords would be easily guessable by an attacker.
Before publishing the torrent file, Lapsus$ also shared screenshots of a file directory that contains names of several companies believed to be Globant customers, including Facebook, Citibank, and C-Span.
Globant lists several high-profile customers on its website, including the U.K. Metropolitan Police, software house Autodesk, and gaming giant Electronic Arts. At least one member of Lapsus$ was involved with a data breach at Electronic Arts last year, though it’s unclear if the two incidents are linked.
LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw
— vx-underground (@vxunderground) March 30, 2022
SOS Intelligence, a U.K.-based threat intelligence provider that analyzed the leaked data, told TechCrunch that “the leak is legitimate and very significant, as far as Globant and Globant impacted customers are concerned.”
Amir Hadzipasic, the intelligence provider’s chief executive, says the data includes a large amount of GitHub source code that appears to belong to Globant, along with several repositories that contain “very sensitive information” such as TLS certificate private keys and chains, Azure keys and API keys for third-party services. SOS Intelligence also found around 7,000 candidate resumes, over 150 databases, and a “large number” of private keys for several different services.
Autodesk confirmed it was investigating the incident, but no other Globant customers have yet responded.
This latest breach comes just days after U.K. police arrested seven people connected to the Lapsus$ group, all aged between 16 and 21. In response to questions about the arrests on its Telegram channel, Lapsus$ claimed no gang members were arrested.