Recently, IT and software consultancy Global confirmed that they were compromised by the Lapsus$ hacking group, in which the data consisting of administrator credentials and source code was leaked by it.
“
We recently discovered that parts of the company's codebase received unauthorized access. ——Globant
”
As part of the leak, the Lapsus$ hacking group released 70GB of data stolen from Globeant, describing it as "the source code for some customers." One of them is a screenshot claiming to be a Global archive directory that contains source code folders for customers such as Abbott, apple-health-app, C-span, Fortune, Facebook, DHL, and Arcserve. The metadata for these entries shows that the folder was modified on March 29, which may be the time the data was stolen.
In a subsequent post, Lapsus$ published a set of credentials that they said gave administrators access to the source code sharing platforms used by Global (Jira, Confluence, GitHub, Crucible).
For Globeant, the losses seemed significant. Threat intelligence firm SOS Intelligence said the leaked data contained customer information and a code base with a large number of private keys (full chain, web server SSL certificate, Globant server, API key). One of these repositories is for Bluecap, a financial industry consulting application acquired by Globeant in late 2020. In addition, the Lapsus$ leaked data included more than 150 SQL database files for various customer applications.
For the incident, Globant said that through the investigation, no evidence has been found that hackers have invaded other parts of its infrastructure system.
Over the past few months, the Lapsus$ gang has hacked into many big tech companies such as Nvidia, Samsung, Ubisoft, Vodafone, Microsoft, and Okta. The group has come under the radar of law enforcement, and days before Globeant was hacked, British police announced they had arrested 7 Lapsus$ members and charged a 16-year-old from Oxford with being one of the group's leaders. Meanwhile, the FBI is also investigating the group's activities and asking the public to provide information to identify Lapsus$ members involved in hacking into U.S. companies' computer networks.