Spokespeople for Samsung Electronics and Mercado Libre confirm that a group of hackers managed to gain unauthorized access to their source codes. The Lapsus$ group, responsible for the hack of Nvidia a few weeks ago, claims responsibility for the attacks.
Samsung Electronics, the leading company and brand in the technology industry, suffered a data theft after a security breach was exploited in its system. A company spokesperson confirmed the hack to SamMobile, informing that a group of hackers managed to access certain internal data of the company, as well as some source code of its Galaxy brand smart devices. Nearly 190 gigabytes (GB) of private information from Samsung were stolen by the hackers during the attack.
The company's spokesperson said the security breach did not expose the privacy of its customers or employees. Although the company did not specify what information was stolen, it said it involved some source code related to the operation of Galaxy devices and that the data did not include personal information. Code for upcoming releases and information from the company's partners, such as Qualcomm, were also apparently stolen. Samsung said it immediately strengthened its security system after learning of the hack.
Meanwhile, Mercado Libre, the largest e-commerce platform in Latin America, also confirmed that it has been a recent victim of a hack. Those responsible for the attack managed to access its source code and steal private data from a group of 300.000 users, reported The company. The payment platform MercadoPago has also been affected by the recent attack, although Mercado Libre assures that there is no evidence of access to passwords, balances, financial information or customer payment cards.
Confirmation of both attacks could lead to a wave of phishing and scam attempts similar to that seen in 2020, when a vulnerability in Ledger allowed hackers to access data of more than 1 million users.
It may interest you: Phishing attacks in the crypto industry grew 22% during the first half
Lapsus$: Nvidia, Samsung and Mercado Libre
The hacker group Lapsus$, believed to be based in South America, has announced itself as the person responsible for the recent attacks against Samsung, Mercado Libre and Mercado Pago. In fact, this hacker group is responsible for the 1TB data leak suffered by Nvidia, the multinational manufacturer of graphics processing units and integrated circuit technologies, two weeks ago.
Lapsus$, which uses ransomware to attack its victims, is pressuring Nvidia to implement an update for its 3000 series graphics cards. The hacking group wants the company to remove the feature Limit Hash Rate (LHR) of their graphics cards to maximize their performance in cryptocurrency mining. In exchange, Lapsus$ says it will not make public the information contained in the 1 TB of stolen data.
190 GB stolen from Samsung
Although the Samsung Electronics spokesperson did not name Lapsus$ as directly responsible for the hack, the group claimed responsibility for the attack, sharing screenshots showing access to the 190 GB of data stolen from the Korean company. Lapsus$ posted a snapshot of the C/C++ directories in Samsung's software to show that it handles the information and that it could publish the data on the Internet, Lapsus$ reported. SamMobile.
The company's shareholders are angry about the recent vulnerability, which could give insider information about new developments Samsung is working on to its competitors. In addition, highly sensitive functions of the company and its Galaxy devices, such as the encryption algorithm for biometric authentication or the encryption of security features, were also exposed. The hacker group's demands on Samsung and Mercado Libre are not known at the time of writing.
Next targets in sight
Vodafone, the UK-based mobile, fixed-line, broadband and digital TV operator, could be the next victim of Lapsus$.
On the Telegram channel associated with this hacker group, a kind of survey is shown asking which company to hack next. Impresa and Mercado Libre appear on the list. However, the majority of the group's members have been voting for Vodafone to be the next victim of the ransomware group.
Continue reading: Avast warns of scammers who want to get easy bitcoins amid the Ukraine crisis
