Just days after British police arrested seven people for alleged links to the now infamous hacking and extortion group, Lapsus$ claims its latest victim.
Lapsus$, whose recent victims include Okta, Microsoft, Nvidia and Samsung, now claims to have breached Globant, a Luxembourg-based software development consultancy. After declaring itself ‘back from vacation’ on Wednesday, the group posted a 70 gigabyte torrent file on its Telegram channel with data allegedly stolen from the company, which hackers say includes source code for its companies. clients.
The hackers also released a list of the company’s credentials used to access its source code sharing platforms, including GitHub, Jira, Crucible and Confluence. Malware Research Group VX-Metro tweeted a redacted screenshot of the hackers’ Telegram post, which shows the group posting what they claim are Globant’s passwords, which, if confirmed, would be easily guessed by an attacker.
Prior to posting the torrent file, Lapsus$ also shared screenshots of a file directory containing the names of several companies believed to be customers of Globant, including Facebook, Citibank and C-Span.
Globant also lists a number of high-profile clients on its website, including the UK’s Metropolitan Police, software company Autodesk and gaming giant Electronic Arts. At least one Lapsus$ member was involved in a data breach at Electronic Arts last year, though it’s unclear if the two incidents are related.
LAPSUS$ also threw its sysadmins under the bus, exposing their confluence passwords (among other things). We censored the passwords they displayed. However, it should be noted that these passwords are very easily guessed and used multiple times… pic.twitter.com/gT7skg9mDw
— vx-underground (@vxunderground) March 30, 2022
SOS Intelligence, a UK-based threat intelligence provider that analyzed the leaked data, told TechCrunch that “the leak is legitimate and very important, as far as Globant and the customers impacted by Globant are concerned.”
Amir Hadzipasic, managing director of the intelligence provider, says the data includes a large amount of GitHub source code that appears to belong to Globant, as well as a number of repositories containing “highly sensitive information” such as private keys and strings. TLS certificate, Azure keys, and API keys for third-party services. SOS Intelligence also found a collection of around 7,000 candidate CVs, over 150 databases and a “large number” of private keys for a number of different services.
TechCrunch has contacted Globant with a number of questions about the breach, but has yet to receive a response. We have yet to receive a response from any of the Globant customers we contacted for comment.
This latest offense comes just days after British police arrested seven people linked to the Lapsus$ group, all aged between 16 and 21. In response to questions about the arrests on his Telegram channel, Lapsus$ claimed that no member of the gang had been arrested.