Samsung confirms that its internal data has been stolen
South Korean technology giant Samsung today confirmed that hackers have succeeded in stealing the company's internal data and source code from Galaxy devices.
The hack was first reported earlier this month when a hacking group called Lapsus$ claimed responsibility. The group recently hacked NVIDIA and shared screenshots showing nearly 200GB of stolen data.
The stolen data included Samsung's source code for encryption and biometric unlocking on Galaxy devices.
In today's statement, Samsung did not confirm or deny the identity of the hackers or whether they stole encrypted and biometric data. However, the company said it does not collect any personally identifiable information about employees or customers.
"There were security breaches in some of the company's internal data," Samsung said in a statement reported by Bloomberg. "According to our initial analysis, the vulnerability contains source code related to the operation of Galaxy devices. However, this does not include the personal data of our customers or employees.
"We do not currently expect any impact on our business or our customers. We have taken measures to prevent further such incidents and continue to serve our customers without interruption," the company added.
Samsung confirms source code theft
The Samsung leak contains the source code for every trusted application (TA) installed in Samsung TrustZone environments and used for sensitive operations such as hardware encryption, binary encryption, and access control.
It also includes the source code of the company's startup managers and activation servers for all recent Samsung devices, as well as the complete source code for the technology used to authenticate Samsung accounts, including APIs and services.
Additionally, the leak contains the algorithms used for all biometric unlocking, as well as Qualcomm's secret source code.
In the recent NVIDIA hack, the hacker group Lapsus$ attempted to blackmail the company, threatening to leak data online unless NVIDIA removed the cryptographic mining specification from some GPUs and released these card drivers.
It is not known whether Lapsus$ threatened the South Korean company with the aim of blackmailing it in exchange for some concessions.