Software services company Globant was hacked by the LAPSUS$ data extortion gang, according to their claims they have leaked nearly 70GB of data.
Lapsus$ announced this in a Telegram message saying, “We are officially back from a vacation.” They have nearly around 54,000 members on the Telegram channel. They also posted images of extracted data and credentials belonging to the company’s DevOps infrastructure.
From the screenshots shared it appears to be different companies from across the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, Stifel, among others.
While the torrent file shared contains nearly 70GB of data related to Globant’s source code. It also has administrator passwords associated with the firm’s Atlassian suite, which includes Confluence and Jira, and the Crucible code review tool.
VX-Underground, a malware research group, explained that passwords are not easy to guess, though they have been reused multiple times. This prompted LAPSUS$ to call out the “poor security practices in use” at the company. Globant at the time of writing has not commented on the incident. Lapsus$ extortion group emerged on the scene in December 2021, grabbing headlines with hacks involving companies such as Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, and Okta.
In the latest development, the city of London Police arrested and released seven alleged operatives of the criminal cartel aged between 16 and 21 under investigation last week. Though it looks like the law enforcement agencies are going to have a hard time putting a plug on Lapsus$ extortion group operations.
How to Secure your Email Account?
IcedID Malware Used By Hackers On Compromised Microsoft Exchange Servers To Spam Out Emails
Redis Servers under Muhstik Botnet Attack using Recently Disclosed Vulnerability