Pharma giant AstraZeneca claimed by hackers, with source code on the table

AstraZeneca, the Swedish-British pharmaceutical behemoth, has been posted on a hacker blog. The attackers claim they have access to the company’s source code, cloud infrastructure, and various keys.

AstraZeneca’s name appeared on Lapsus$' blog, which it uses to showcase its latest victims. According to the attackers, they managed to syphon several gigabytes of the company’s data, including “full source code” and employee details. The data appears to have been posted to a dark web data leak forum as well.

On March 26th, the attackers uploaded the supposedly stolen data on their blog.

The Cambridge-headquartered pharma giant is among the largest market players globally, with reported 2025 revenue exceeding $58.7 billion and a workforce of around 90,000.

We have reached out to the company for comment and will update the article once we receive a reply.

What AstraZeneca details are the attackers claiming to have access to?

According to Lapsus$ posts spread across at least two different platforms, the attackers managed to access a variety of the company’s databases, exposing:

  • Full source code
  • Employee database
  • GitHub Enterprise user data
  • Internal API keys
  • AWS keys and Service accounts
  • MongoDB
  • MySQL Credentials
Attackers' post on their Telegram channel. Image by Cybernews.

The Cybernews research team investigated data samples Lapsus$ shared on its Telegram channel and found that at least some of its claims appear legitimate. For example, our team found that the sample includes GitHub user information for those who work on AstraZeneca's internal software. The dataset supposedly includes:

  • GitHub workspace names
  • Employee roles within those teams
  • URLs to specific GitHub profiles
  • Full names
  • Work emails
Sample of the leaked data. Image by Cybernews.

Another sample included employee information, revealing personal details of individuals working across various AstraZeneca-related clinical research companies. The datasets allegedly reveal:

  • Full names
  • Work emails
  • User identifiers
  • Company names

Meanwhile, the third sample attackers shared appeared to contain a tree structure of internal company software source code.

What AstraZeneca details did attackers leak online?

After attackers leaked the supposedly stolen details, our researchers investigated the data. According to the team, the leaked details included the source code.

“It looks like the source code comes from some sort of web application. There was also a file with data of partner company employees. Additionally, attackers uploaded a file with GitHub action logs that contained developer emails, hardcoded secrets such as RSA private keys and database credentials,” researchers explained.

According to our team, the actions appear to be dated 2024, which means current details may differ from the ones that were leaked. However, if the details remain unchanged, threat actors could exploit them to compromise the company's systems.

“We'd be alarmed about leaking the hardcoded secrets since this type of data can be directly used to access internal information,” our team said.
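As an added illustration (not code from Cybernews or from the affected company), here is a minimal scanner a defender could run over exported GitHub Actions logs to flag the secret types the researchers describe, private keys and database credentials, plus AWS access key IDs from the attackers' list. The log lines, hostnames and password are constructed, and the AWS key is the placeholder used in AWS documentation.

```python
import re

# Patterns for the secret types named in the article. Illustrative, not exhaustive.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "db_uri_credentials": re.compile(
        r"\b(?:mysql|mongodb(?:\+srv)?|postgres(?:ql)?)://[^\s:/@]+:(?P<pw>[^\s@]+)@"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}

def scan_log(text):
    """Return (line_number, kind) for each unmasked secret found in a CI log."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            # GitHub Actions prints registered secrets as ***, so a masked
            # password in a connection string is not a leak.
            if kind == "db_uri_credentials" and match.group("pw") == "***":
                continue
            findings.append((lineno, kind))
    return findings

# Constructed sample log in the timestamped format of a GitHub Actions export.
SAMPLE_LOG = """\
2024-05-02T10:15:01.0000000Z Run ./deploy.sh
2024-05-02T10:15:02.0000000Z + export DATABASE_URL=mysql://app:hunter2@db.internal.example:3306/trials
2024-05-02T10:15:02.1000000Z + mongosh mongodb+srv://ci:***@cluster0.example.net/audit
2024-05-02T10:15:03.0000000Z + cat deploy_key.pem
2024-05-02T10:15:03.1000000Z -----BEGIN RSA PRIVATE KEY-----
2024-05-02T10:15:03.2000000Z (key body omitted)
2024-05-02T10:15:04.0000000Z AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
2024-05-02T10:15:05.0000000Z Deploy finished
"""

if __name__ == "__main__":
    for lineno, kind in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {kind}")
```

Any hit in a historical log means the credential should be treated as exposed and rotated, since deleting the log does not invalidate the secret.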

Sample of the supposedly leaked data. March 26th. Image by Cybernews.

What threats does the AstraZeneca data breach pose?

If Lapsus$ claims were confirmed, AstraZeneca could face a cascade of threats. For one, aggressive competitors or threat actors could attempt to exploit the source code to scour for vulnerabilities that could penetrate deep into the company’s systems.

It’s almost a given that a multi-billion-dollar pharmaceutical company is working on numerous projects that require years of research and development, which means exposing their secrets could come at a steep price.

“If the gang really has the company’s source code, attackers could exploit it to identify current vulnerabilities. For example, attackers may discover hardcoded secrets or credentials in the code, which may eventually lead to exposure of intellectual property,” our team explained.

Meanwhile, individuals whose details were exposed in the attack could face an increased risk of targeted social engineering attacks. Since Lapsus$ has cooperated with notorious social engineering gangs, such as ShinyHunters, in the past, exposed individuals with high-level access could be especially vulnerable.

Who’s behind Lapsus$?

The gang gained attention in 2022 after several attacks against major corporations, including Okta, Nvidia, Samsung, and T-Mobile. However, several members of the group have been arrested in the UK.

Most recently, the gang claimed a data breach of Adidas Extranet, supposedly accessing data such as user names, passwords, and extensive technical information.

However, the Adidas spokesperson said there was no indication that the company's IT infrastructure, its e-commerce platform, or any consumer data were affected by the incident.

In a report late last year, Resecurity researchers said that Lapsus$, together with Scattered Spider and ShinyHunters, are three of the most notorious English-speaking cybercrime groups operating today.
