Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Lapsus$ Claims Hack of IT Giant Globant After Arrests of Alleged Members

The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant.

The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant.

The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back.

In addition to source code, the cybercriminals published on their Telegram channel a list of usernames and passwords that they claim can be used to access various development platforms used by Globant, including GitHub, Jira, Crucible and Confluence.

Globant hack

In the past weeks, Lapsus$ took credit for attacks on several major companies, including Microsoft, Okta, Samsung, Vodafone, Ubisoft and NVIDIA.

In each of these cases, the targeted organization confirmed suffering a data breach after the cybercriminals made public large amounts of information, but most of the victims said the hackers’ claims were exaggerated.

Threat Intelligence Summit - Virtual Event

Lapsus$ announced targeting Globant less than a week after authorities in the United Kingdom said they had identified and arrested seven people allegedly linked to the hacker group. The suspects are aged 16 to 21, and one of the supposed leaders is a 16-year-old boy who has not been named for legal reasons.

[ READ: The Chaos (and Cost) of the Lapsus$ Hacking Carnage ]

Lapsus$ is a financially motivated group that is trying to make money by stealing data from major organizations and demanding a ransom to prevent the compromised files from getting leaked. While some have described them as a ransomware group, their attacks don’t appear to involve any file-encrypting malware, which is why it’s more accurate to describe them as an extortionist group.

The cybercriminals mainly rely on social engineering, SIM swapping, hacking employee accounts, and insiders to achieve their goals, typically naming and shaming victims on their Telegram channel.

Identity and access management company Okta is one of the most recently named victims. The hackers gained access to Okta customer information in mid-January after they breached systems belonging to Sitel Group-owned Sykes, which provides customer support services to Okta.

Okta has come under fire for not moving faster to determine the implications of the incident and for taking so long to inform customers.

Sitel says the incident is still being investigated and it cannot disclose too many details, but the company issued a statement on Tuesday to deny allegations that a file containing passwords has been leaked.

UPDATE: Globant has provided the following statement:

We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.


According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.


We are taking strict measures to prevent further incidents. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.