Telecommunication giant Vodafone has launched an investigation into the claims of a data breach made by hacking group Lapsus$ who are threatening to leak the company’s source code.
Lapsus$ is the data extortion group said to be responsible for a recent security breach of South Korean electronics giant Samsung in which they obtained “source code relating to the operation of Galaxy devices,” and other confidential data. The group also claimed responsibility for a data breach of an American chip maker Nvidia at the end of February. Lapsus$ reportedly leaked stolen data from Nvidia, threatening to release more stolen information unless the company removed LHR (designed to make it harder to mine for cryptocurrency without reducing gaming performance) from its graphics cards.
According to a report from CNBC, Lapsus$ asked their subscribers in a poll on messaging app Telegram: “What should we leak next?” followed by three options:
-
Vodafone source code (around 5,000 GitHub repositories, 200GB or so compressed),
-
The source code and databases of Portuguese media corporation Impresa,
-
The source code for MercadoLibre and MercadoPago e-commerce companies (24,000 repos)
The poll ends on March 13.
“We are investigating the claim together with law enforcement, and at this point we cannot comment on the credibility of the claim. However, what we can say is that generally the types of repositories referenced in the claim contain proprietary source code and do not contain customer data,” a Vodafone spokesperson told CNBC.
MercardoLibre and MercadoPago did not respond to CNBC’s request for comment.
