IT and software development company Globant has confirmed a hack after the Lapsus$ extortion group shared 70 GB of data allegedly stolen from the company.
Lapsus$ hasn't been quiet for long – less than a week after the City of London police made arrests of alleged Lapsus$ members, and the group returned by sharing a 70 GB torrent, consisting of what it claimed to be a ''leak of some customers' source code from Globant.com".
The screenshot of an archive shared by Lapsus$ contains folders on BNP Paribas, DHL, Abbott, Facebook, Fortune, etc.
Later on, the extortion group also published a set of administrator credentials, giving access to different platforms that Globant uses, including Crucible, Jira, Confluence, and Github.
Globant, which has 25,000 employees, is present in 18 countries and boasts about working with clients, such as Google, Rockwell Automation, Electronic Arts, and Santander, acknowledged the hack in a brief statement.
"We have recently detected that a limited section of our company's code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation," the company said.
Globant assured it is taking ''strict measures to prevent further incidents.''
"According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected," it said.
Microsoft, which acknowledged the extortion group managed to compromise a Microsoft employee account, said that Lapsus$ is not like any other threat actor. Unlike most activity groups that stay under the radar, Lapsus$ doesn’t seem to cover its tracks and uses public relations to bolster its claims.
More from Cybernews:
Subscribe to our newsletter