Lapsus$ - Hacking Group Arrested

Police in the United Kingdom have arrested seven people over suspected connections to the Lapsus$ hacking group, which has targeted tech giants including Samsung, Nvidia, Microsoft, and Okta in recent weeks.

In a statement given to TechCrunch, Detective Inspector Michael O’Sullivan from the City of London Police said: “The City of London Police has been investigating with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our inquiries remain ongoing.”

News of the arrests comes just hours after a Bloomberg report revealed a teenager based in Oxford, U.K., is suspected of being the mastermind of the now-prolific Lapsus$ hacking group. Four researchers investigating the gang’s recent hacks said they believed the 16-year-old, who uses the online moniker “White” or “Breachbase,” was a leading figure in Lapsus$. Bloomberg was able to track down the suspected hacker after rival hackers leaked his personal information online.

According to security reporter Brian Krebs, last year the teenager purchased Doxbin, a site where people can share or find personal information on others, before giving up control of the website in January and leaking the entire Doxbin data set to Telegram. The Doxbin community retaliated by releasing personal information on him, including his home address, social media photos, and details about his parents.

TechCrunch has seen a copy of the suspected hacker’s leaked personal information, which we are not sharing — but it matches Bloomberg’s reporting.

The City of London Police, which primarily focuses on financial crimes, did not say if the 16-year-old was among those arrested.

At least one member of Lapsus$ was also apparently involved with a recent data breach at Electronic Arts, and another is suspected to be a teenager residing in Brazil. The latter is said to be so capable of hacking that researchers first believed that the activity they witnessed was automated.

Researchers’ ability to track the suspected Lapsus$ members may be because the group does little to cover its tracks. It now has more than 45,000 subscribers to its Telegram channel, where it frequently recruits insiders and leaks victims’ data. In a blog post this week, Microsoft said the group uses brazen tactics to gain initial access to a target organization, including publicly recruiting company insiders. As reported by Bloomberg this week, the group has even gone as far as to join the Zoom calls of companies it has breached and taunt employees trying to clean up their hack.

The Lapsus$ hacking group first came to light in December 2021, when it mainly focused on targeting organizations in the U.K. and South Africa. Earlier this week, its latest victim was confirmed as Okta, which admitted that around 366 corporate customers were affected by the breach on Wednesday.