In total, Lapsus$ hackers have leaked 189 GB worth of sensitive data, while Samsung has confirmed the incident; it claimed that the leak does not involve customers’ or employees’ data.
The South Korean technology and smartphone giant, Samsung Electronics, has become a victim of a cyberattack involving 189 GB of sensitive data, which the hackers have leaked online.
Hackread.com can confirm that the data is now being traded on Telegram and several hacking and cybercrime forums, especially active Russian language ones.
For your information, a new Brazilian hacking group going by the online handle of Lapsus$ has claimed responsibility for the attack. Lapsus$ recently made headlines for targeting Nvidia and stealing 1TB of data. In the latest, the group says it has obtained Samsung’s secret source code along with a biometric unlock algorithm and other sensitive data.
About the Leaked Data
As seen by Hackread.com, Lapsus$ divided the data into three compressed files and released the entire 189 GB of data online as a torrent, and it has become one of the most popular torrent downloads now.
As per the description of the leaked data published by the hackers, the source code of every Trusted Applet installed in the TrustZone environment of Samsung, which is used for performing a variety of functions such as access control, binary encryption, and hardware cryptography is allegedly part of the leak.
Furthermore, apparently, all biometric unlock operations’ algorithms, bootloader source code of latest models of Samsung devices, source code for the tech giant’s activation servers, confidential source code from Qualcomm, and full source code of technology used to authenticate/authorize Samsung accounts for API, services, etc., are also part of the leaked data.
Samsung confirms data breach
Samsung has confirmed that its security was breached and “certain internal company data” was stolen. The technology giant also confirmed that the breach involves “some source codes related to the operation of Galaxy devices but does not include the personal information of its employees or consumers.
We were recently made aware that there was a security breach relating to certain internal company data. Immediately after discovering the incident, we strengthened our security system.
According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees.
Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.Samsung