Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Lapsus$ Claims Hack of IT Giant Globant After Arrests of Alleged Members

The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant.

The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant.

The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back.

In addition to source code, the cybercriminals published on their Telegram channel a list of usernames and passwords that they claim can be used to access various development platforms used by Globant, including GitHub, Jira, Crucible and Confluence.

Globant hack

In the past weeks, Lapsus$ took credit for attacks on several major companies, including Microsoft, Okta, Samsung, Vodafone, Ubisoft and NVIDIA.

In each of these cases, the targeted organization confirmed suffering a data breach after the cybercriminals made public large amounts of information, but most of the victims said the hackers’ claims were exaggerated.

Threat Intelligence Summit - Virtual Event

Lapsus$ announced targeting Globant less than a week after authorities in the United Kingdom said they had identified and arrested seven people allegedly linked to the hacker group. The suspects are aged 16 to 21, and one of the supposed leaders is a 16-year-old boy who has not been named for legal reasons.

[ READ: The Chaos (and Cost) of the Lapsus$ Hacking Carnage ]

Lapsus$ is a financially motivated group that is trying to make money by stealing data from major organizations and demanding a ransom to prevent the compromised files from getting leaked. While some have described them as a ransomware group, their attacks don’t appear to involve any file-encrypting malware, which is why it’s more accurate to describe them as an extortionist group.

Advertisement. Scroll to continue reading.

The cybercriminals mainly rely on social engineering, SIM swapping, hacking employee accounts, and insiders to achieve their goals, typically naming and shaming victims on their Telegram channel.

Identity and access management company Okta is one of the most recently named victims. The hackers gained access to Okta customer information in mid-January after they breached systems belonging to Sitel Group-owned Sykes, which provides customer support services to Okta.

Okta has come under fire for not moving faster to determine the implications of the incident and for taking so long to inform customers.

Sitel says the incident is still being investigated and it cannot disclose too many details, but the company issued a statement on Tuesday to deny allegations that a file containing passwords has been leaked.

UPDATE: Globant has provided the following statement:

We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.


According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.


We are taking strict measures to prevent further incidents. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights