Skip to main content

Victims of latest massive LAPSUS$ hack include Facebook, DHL

Hacking group LAPSUS$ has revealed its latest target: Globant, an IT and software development company whose clientele includes the likes of technology giant Facebook.

In a Telegram update where the hackers affirmed they’re “back from a vacation,” — potentially referring to alleged members of the group getting arrested in London — LAPSUS$ stated that they’ve acquired 70GB of data from the cyber security breach.

Related Videos
facebook privacy mark zuckerberg
Justin Sullivan/Getty Images

Not only have they seemingly obtained sensitive information belonging to several large organizations, the group decided to release the entire 70GB via a torrent link.

As reported by Computing, the group shared evidence of the hack via an image displaying folders that are named after Facebook, DHL, Stifel, and C-Span, to name but a few.

Although there is a folder titled “apple-health-app,” it is not directly related to the iPhone maker.

Instead, The Verge highlights how the data it contains is actually associated with Globant’s BeHealthy app, which was developed in partnership with Apple due to its use of the Apple Watch.

Meanwhile, LAPSUS$ posted an additional message on its Telegram group listing all of the passwords of Globant’s system admins and the company’s DevOps platforms. Vx-underground, which has conveniently documented all of the group’s recent hacks, confirmed the passwords are extremely weak.

LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw

— vx-underground (@vxunderground) March 30, 2022

Notably, login credentials for one of those platforms seemingly offered access to “3,000 spaces of customer documents.”

Following the Telegram message and subsequent leak on March 30, Globant itself confirmed it was compromised in a press release.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.

According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.

We are taking strict measures to prevent further incidents.”

Earlier in March, seven alleged members of the group, reportedly aged 16 to 21, were arrested in London, before being released pending further investigations. According to reports, the alleged ringleader of the group, a 16-year-old from Oxford, U.K., has also apparently been outed by rival hackers and researchers. “Our inquiries remain ongoing,” City of London police stated.

Security researchers have suggested other members of LAPSUS$ could be based out of South America.

Hacking scene’s newcomer causing a lot of noise

LAPSUS$ has gained a reputation by injecting activity into the hacking scene in an extremely short span of time.

Amazingly, the majority of its hacks seem to come to fruition by simply targeting engineers of large companies and their access points via weak passwords. The group even stresses this fact repeatedly in its Telegram updates.

It’s understandable when an average user from home is subjected to a hack due to weak passwords, but we’re not talking about individuals here. LAPSUS$ has successfully infiltrated some of the largest corporations in history without the apparent need to resort to complicated and sophisticated hacking methods.

Moreover, hackers are now even exploiting weak passwords that make your PC’s own power supply vulnerable to a potential attack, which could lead to threat actors causing it to burn up and start a fire. With this in mind, be sure to strengthen your passwords.

LAPSUS$ has already leaked the source codes for Microsoft’s Cortana and Bing search engine. That incident was preceded by a massive 1TB Nvidia hack. Other victims include Ubisoft, as well as the more recent cyber security breach of Okta, which prompted the latter to issue a statement acknowledging a mistake in how it reported the situation.

Editors' Recommendations

GPT-4: how to use, new features, availability, and more
A laptop opened to the ChatGPT website.

ChatGPT-4 has officially been announced, confirming the longtime rumors around its improvements to the already incredibly impressive language skills of OpenAI's ChatGPT.

OpenAI calls it the company's "most advanced system, producing safer and more useful responses." Here's everything we know about it so far.
Availability

Read more
GPT-4 has come to LinkedIn, because of course it has
LinkedIn's GPT-4 headline generator feature.

With the official introduction of Open AI's GPT-4, Microsoft is expanding its range of product support to include AI upgrades embedded into LinkedIn.

The business-focused social media platform announced Thursday that it will begin testing a host of AI-driven features based on both the GPT-3.5 and GPT-4 language models with its Premium subscribers. These functions will allow people to do things such as create more personalized profiles and job descriptions using AI-generated prompts. In particular, the GPT-4 language model will be the power behind AI profile writing, according to LinkedIn.

Read more
How Microsoft 365 Copilot unleashes ChatGPT from its restraints
Copilot in Microsoft Word generating results.

Thanks to ChatGPT, natural language AI has taken the world by storm. But so far, it's felt boxed in. With these chatbots, everything happens in one window, with one search bar to type into.

We've always known these large language models could do far more, though, and it was only a matter of time until that potential was unlocked. Microsoft has just announced Copilot, its own integration of ChatGPT into all its Microsoft 365 apps, including Word, PowerPoint, Outlook, Teams, and more. And finally, we're seeing the way generative AI is going to be used more commonly in the future -- and it's not necessarily as a straightforward chatbot.
Bringing natural language into apps

Read more