Skip to main content
  1. Home
  2. Computing
  3. News

Victims of latest massive LAPSUS$ hack include Facebook, DHL

Add as a preferred source on Google

Hacking group LAPSUS$ has revealed its latest target: Globant, an IT and software development company whose clientele includes the likes of technology giant Facebook.

In a Telegram update where the hackers affirmed they’re “back from a vacation,” — potentially referring to alleged members of the group getting arrested in London — LAPSUS$ stated that they’ve acquired 70GB of data from the cyber security breach.

facebook privacy mark zuckerberg
Justin Sullivan / Getty Images

Not only have they seemingly obtained sensitive information belonging to several large organizations, the group decided to release the entire 70GB via a torrent link.

Recommended Videos

As reported by Computing, the group shared evidence of the hack via an image displaying folders that are named after Facebook, DHL, Stifel, and C-Span, to name but a few.

Although there is a folder titled “apple-health-app,” it is not directly related to the iPhone maker.

Instead, The Verge highlights how the data it contains is actually associated with Globant’s BeHealthy app, which was developed in partnership with Apple due to its use of the Apple Watch.

Meanwhile, LAPSUS$ posted an additional message on its Telegram group listing all of the passwords of Globant’s system admins and the company’s DevOps platforms. Vx-underground, which has conveniently documented all of the group’s recent hacks, confirmed the passwords are extremely weak.

LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw

— vx-underground (@vxunderground) March 30, 2022

Notably, login credentials for one of those platforms seemingly offered access to “3,000 spaces of customer documents.”

Following the Telegram message and subsequent leak on March 30, Globant itself confirmed it was compromised in a press release.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.

According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.

We are taking strict measures to prevent further incidents.”

Earlier in March, seven alleged members of the group, reportedly aged 16 to 21, were arrested in London, before being released pending further investigations. According to reports, the alleged ringleader of the group, a 16-year-old from Oxford, U.K., has also apparently been outed by rival hackers and researchers. “Our inquiries remain ongoing,” City of London police stated.

Security researchers have suggested other members of LAPSUS$ could be based out of South America.

Hacking scene’s newcomer causing a lot of noise

LAPSUS$ has gained a reputation by injecting activity into the hacking scene in an extremely short span of time.

Amazingly, the majority of its hacks seem to come to fruition by simply targeting engineers of large companies and their access points via weak passwords. The group even stresses this fact repeatedly in its Telegram updates.

It’s understandable when an average user from home is subjected to a hack due to weak passwords, but we’re not talking about individuals here. LAPSUS$ has successfully infiltrated some of the largest corporations in history without the apparent need to resort to complicated and sophisticated hacking methods.

Moreover, hackers are now even exploiting weak passwords that make your PC’s own power supply vulnerable to a potential attack, which could lead to threat actors causing it to burn up and start a fire. With this in mind, be sure to strengthen your passwords.

LAPSUS$ has already leaked the source codes for Microsoft’s Cortana and Bing search engine. That incident was preceded by a massive 1TB Nvidia hack. Other victims include Ubisoft, as well as the more recent cyber security breach of Okta, which prompted the latter to issue a statement acknowledging a mistake in how it reported the situation.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more
I spent a fortune on a Copilot+ PC, and I’ve barely ever touched Microsoft’s AI
Microsoft needs to give Copilot+ PC owners a reason to use Copilot
Copilot

There is a dedicated Copilot key on my ASUS Zenbook 14 OLED. Months after buying the laptop, it may be one of the least important keys on the entire keyboard. My Zenbook UM3406 runs on AMD’s Ryzen AI 300 series processor, complete with a dedicated NPU offering up to 50 TOPS of AI performance. That qualifies it as a Copilot+ PC, which makes it a part of what Microsoft once described as the new era for Windows.

AI is already a regular part of my workday. I use it for research, brainstorming, and working through ideas. But rather than relying on something built into the Windows OS, I've relied on the likes of ChatGPT, Claude, and Gemini.

Read more