Despite Arrests, LAPSUS$ Hacking Group Strikes Again, Hitting IT Supplier

pcmag.com:

LAPSUS$, the hacking group behind a string of breaches at Microsoft, Nvidia, and Okta, has returned, despite news reports indicating its members may have been arrested.  

The LAPSUS$ gang today claimed it hacked Globant, which provides software services to brands including Disney, Google, and Electronic Arts. 

In a public chat room, the group boasted about the alleged hack by posting a screenshot that shows a 73GB archive containing files supposedly stolen from Globant. The images displays several folder names that mention brands including Abbott Laboratories, Facebook, DHL, and C-Span, indicating LAPSUS$ may have stolen information on Globant’s customers. 

The gang is now circulating the archive online as a torrent file, claiming the stolen information includes customers’ source code. In addition, LAPSUS$ posted the logins and passwords for several Globant.com web portals while calling out the company’s “poor security practices.”

Globant confirmed it was breached. “We have recently detected that a limited section of our company's code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation,” the company said.

“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients,” the company added. “To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.”

The company shut down access to the compromised Globant.com corporate portals.  

The LAPSUS$ group claimed it hacked Globant after returning from a week-long “vacation.” During the same period, the BBC reported