The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant.
The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back.
In addition to source code, the cybercriminals published on their Telegram channel a list of usernames and passwords that they claim can be used to access various development platforms used by Globant, including GitHub, Jira, Crucible and Confluence.
In the past weeks, Lapsus$ took credit for attacks on several major companies, including Microsoft, Okta, Samsung, Vodafone, Ubisoft and NVIDIA.
In each of these cases, the targeted organization confirmed suffering a data breach after the cybercriminals made public large amounts of information, but most of the victims said the hackers’ claims were exaggerated.
Lapsus$ announced targeting Globant less than a week after authorities in the United Kingdom said they had identified and arrested seven people allegedly linked to the hacker group. The suspects are aged 16 to 21, and one of the supposed leaders is a 16-year-old boy who has not been named for legal reasons.
[ READ: The Chaos (and Cost) of the Lapsus$ Hacking Carnage ]
Lapsus$ is a financially motivated group that is trying to make money by stealing data from major organizations and demanding a ransom to prevent the compromised files from getting leaked. While some have described them as a ransomware group, their attacks don’t appear to involve any file-encrypting malware, which is why it’s more accurate to describe them as an extortionist group.
The cybercriminals mainly rely on social engineering, SIM swapping, hacking employee accounts, and insiders to achieve their goals, typically naming and shaming victims on their Telegram channel.
Identity and access management company Okta is one of the most recently named victims. The hackers gained access to Okta customer information in mid-January after they breached systems belonging to Sitel Group-owned Sykes, which provides customer support services to Okta.
Okta has come under fire for not moving faster to determine the implications of the incident and for taking so long to inform customers.
Sitel says the incident is still being investigated and it cannot disclose too many details, but the company issued a statement on Tuesday to deny allegations that a file containing passwords has been leaked.
UPDATE: Globant has provided the following statement:
We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.
According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.
We are taking strict measures to prevent further incidents.
