 |
| 190 GB of Samsung data leaked |
South American hacker group Lapsus$ has released a wealth of confidential data that it claims came from the South Korean consumer electronics giant Samsung.
The leak comes less than a week after Lapsus released a 20GB archive that documents about 1TB of data stolen from GPU design company Nvidia.
The hacker group learned about Samsung data sharing from screenshots of C and C++ programming instructions in Samsung software.
$lapsus posted a description of the upcoming leak shortly after it provoked its followers. He said it contained Samsung's secret source code, which was obtained through a security breach.
The leak also appears to contain confidential data from Qualcomm. Group descriptions include:
- The source code for each trusted TA applet installed in the Samsung TrustZone environment for sensitive operations (eg hardware encryption, binary encryption, access control).
- The Boot Manager source code for all modern Samsung devices and enterprise activation servers, as well as the full source code for Samsung account authentication technology, including APIs and services.
- Algorithms for all biometric unlocking processes.
- Qualcomm secret source code.
If the above information is correct, it means that the company has encountered a serious data breach that may cause serious harm to the company.
The Lapsus team split the leaked data into three ZIP files totaling about 190 GB, which the team made available via torrent files. The organization also said that more servers could be added to increase download speeds.
The first part contains source code dumps and data related to security, protection, startup manager, Knox, TrustedApps, and many other projects.
Samsung said it is assessing the situation
The second part contains dumps of source code and data related to device security and encryption. And the third part contains different repositories from Samsung Github.
According to the Korea Herald, the South Korean company is assessing the situation.
$lapsus is responsible for the Nvidia data breach. She said she received nearly terabytes of confidential data from Nvidia. Driver diagram and source code are included.
The group asked Nvidia to provide the source code for the driver. This also requires removing the cryptographic mining limiter from the RTX 30 series GPUs.
It's not clear what the band can get from Samsung. The group has previously stated that its actions are not politically motivated.