Lapsus$ is clearly not done leaking




The reported arrest of seven teenage members of Lapsus$ last week does not appear to have put a stop to the leaks, with major IT services firm Globant and some of its clients appearing to be the latest victims of the prolific hacker group.

“We are officially back from a vacation,” Lapsus$ said on Telegram on Tuesday — after posting a screengrab that suggested it had accessed the systems of Globant.

The group then posted a torrent that it claimed includes 70 GB of source code from Globant customers.

Today, Globant acknowledged that a breach, impacting some of its clients, has in fact occurred.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access,” Globant said in a statement. “We have activated our security protocols and are conducting an exhaustive investigation.”

Globant said that “according to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients.”

“To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected,” the statement said.

The Globant statement did not mention Lapsus$, or specify how many clients had their data accessed. VentureBeat has reached out to Globant for comment.

Notably, the screengrab posted by Lapsus$ mentions a number of major companies, including Apple — specifically, “apple-health-app” — as well as Facebook, DHL and Anheuser-Busch InBev.

VentureBeat has reached out to Apple, Facebook, DHL and Anheuser-Busch InBev for comment.

Globant says it served 1,138 customers during 2021, including Google, Electronic Arts, Santander and Rockwell Automation. Revenue for 2021 was $1.3 billion, the company reported.

Screengrab of Lapsus$ Telegram account (3/30 @ 11 a.m. PST)

Series of leaks

The new data leak claims follow the disclosure last week that Lapsus$ had breached a third-party support provider for identity security vendor Okta in January — potentially impacting up to 366 Okta customers — as well as the disclosure that Lapsus$ had stolen certain Microsoft source code.

In addition to those incidents, Lapsus$ has also carried out confirmed breaches of Nvidia and Samsung over the past month.

Last week, Bloomberg reported that Lapsus$ is headed by a 16-year-old who lives with his mother in England. Several media outlets subsequently reported that the City of London Police had arrested seven teenagers in connection with the Lapsus$ group. It was unknown whether the group’s leader was among those arrested. 

In a Telegram post March 22, prior to the reported arrests, Lapsus$ said that several members would be on “vacation” until March 30. “We will try to leak stuff ASAP,” the group said in the post.

With that brief hiatus clearly concluded, the cybersecurity community is now awaiting a new series of breaches and leaks.

