Lapsus$ 'back from vacation' with claimed Globant breach

Lapsus$ back from 'vacation' with alleged Globant breach

The group has reportedly released 70 GB of data on major global firms

The Lapsus$ data extortion group has announced another hack, this time resulting in the public release of source code from companies including Facebook and DHL.

The group wrote on their Telegram channel that they are "officially back from a vacation" - posting screenshots of what they say is data and credentials belonging to Globant's DevOps infrastructure.

Globant is a software development consultancy based in Luxembourg. The firm says it has worked with over thirty major clients in the public and private sectors.

The screenshots shared by Lapsus$ show a folder listing for what appears to be different firms from across the world, including Arcserve, Facebook, DHL, Stifel, Banco Galicia, BNP Paribas Cardif, Citibanamex, among others.

Although it's unclear if the folders actually contain Globant's client data, the fact that internal files seem to have been leaked is embarrassing for the company.

The group has also shared a torrent file that included around 70 GB of Globant's source code as well as administrator credentials for Globant's Atlassian suite of products, including Confluence, Jira and the Crucible code review tool.

Lapsus$ also said that all Globant DevOps systems' admin credentials would be made public in the coming days.

VX-Underground - an organisation that analyses malware samples - wrote on Twitter that the passwords revealed by Lapsus$ are easily guessable and have been reused multiple times, prompting Lapsus$ to call out the weak security measures in use at the company.

VX-Underground said the evidence it has shared came from security researcher Dominic Alvieri.

Since its emergence in December 2021, the Lapsus$ extortion organisation has been making headlines for its attention-grabbing attacks.

Microsoft, Samsung, Nvidia, Okta and Ubisoft are among the companies that Lapsus$ has claimed to have breached.

Microsoft said last week that Lapsus$ had gained limited access to its system. Identity and access management firm Okta also admitted that the group had hacked it, affecting some customers.

Okta says it made a mistake in its handling of the disclosure of the security incident from January, in which Lapsus$ targeted a third-party supplier of customer support services for Okta.

Meanwhile, the City of London Police said last week that they detained seven teens for their suspected links to the Lapsus$ gang.

Researchers probing Lapsus$ on behalf of hacked firms said they believed a 16-year-old boy living in Oxford likely played a key role in conducting many of those attacks.

The teenager's identity was exposed by rival hackers, who allegedly revealed his name, address, social media images and hacking career history.

Allison Nixon, chief research officer at cyber-security firm Unit 221B, said that researchers followed the teen via a trail of activities which were connected by an almost uninterrupted stream of online accounts.