New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Globant Confirms Lapsus$ Hackers Had Unauthorized Access to Customers’ Source Code

Earlier this week, the Lapsus$ hacking group claimed that it had stolen 70GB of data from Globant, a Luxembourg-based IT and software development firm. Globant confirmed yesterday that the hackers did manage to breach its network and access some of its corporate customers’ source code without authorization.

“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected. We are taking strict measures to prevent further incidents,” Globant explained yesterday.

In a Telegram post, Lapsus$ shared a screenshot showing folders containing the source code of several companies presumed to be Globant clients. The list includes C-Span, Citibank, Abbott, and Facebook. In addition to the source code, the hacker group also shared a list of login credentials (with weak passwords) for some of Globant’s servers, including GitHub, Jira, Confluence, and Crucible.

The screenshots of the hacked data were shared by Malware research group VX-Underground on Twitter yesterday.

Globant Confirms Lapsus$ Hackers Had Unauthorized Access to Source Code

The London police arrested seven teenagers over Lapsus$ hacks

The Lapsus$ group has recently made the headlines for hacking some big technology companies, including Microsoft, Samsung, Nvidia, Okta, and Ubisoft. Lapsus$ hackers utilize several unsophisticated methods to target their victims. These techniques include SIM-swapping, social engineering, deploying password stealers, and bypassing multifactor-authentication systems.

The latest breach comes a few days after the London police arrested seven suspected members (aged between 16 to 21) of the Lapsus$ group. However, these hacking suspects were later released by the authorities. The FBI recently asked the public for help tracking the Lapsus$ members involved in the breach of US-based companies.

Microsoft recommends organizations to implement secure Multifactor authentication mechanisms to prevent cyber attacks from this hacker group. Meanwhile, the firm also advises customers to monitor their security posture and signs of intrusion in their security networks.

by Rabia Noureen
Mar 31, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.