{ "id": "177349d6-db1e-4ed3-9353-9c6f2174a561", "created_at": "2026-04-06T01:30:54.15348Z", "updated_at": "2026-04-10T13:12:01.288434Z", "deleted_at": null, "sha1_hash": "431b11c6744ba6dbb3fd7c5402165afa058fb869", "title": "Globant confirms hack after Lapsus$ leaks 70GB of stolen data", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 4455880, "plain_text": "Globant confirms hack after Lapsus$ leaks 70GB of stolen data\r\nBy Ionut Ilascu\r\nPublished: 2022-03-30 · Archived: 2026-04-06 00:07:26 UTC\r\nIT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group,\r\nwhere data consisting of administrator credentials and source code was leaked by the threat actors.\r\nAs part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some\r\ncustomers source code.”\r\nSource code and private keys\r\nGlobant is an IT and software development firm with over 16,000 employees worldwide and $1.2 billion in revenue for\r\n2021.\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 1 of 7\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 2 of 7\n\nVisit Advertiser websiteGO TO PAGE\r\nFounded in Buenos Aires, Argentina, Globant is currently headquartered in Luxembourg and boasts a well-known list of\r\ncustomers, including Metropolitan Police, SmileDirectClub, Autodesk, Electronic Arts, Santander, Interbank, Royal\r\nCarribbean, and many more.\r\nFollowing the leak from Lapsus$, Globant issued a press release confirming that some of the company source code has been\r\nexposed to an unauthorized party.\r\n“We have recently detected that a limited section of our company's code repository has been subject to unauthorized access”\r\n- Globant\r\nAmong the data published by Lapsus$, there is a screenshot the group claims to be of an archived directory from Globant,\r\ncontaining folder names that appear to be company customers.\r\nSome of the source code folders listed in the screenshot include, Abbott, apple-health-app, C-span, Fortune, Facebook,\r\nDHL, and Arcserve.\r\nThe metadata for the entries shows that the folders have been modified on March 29, which could indicate when the data\r\nwas stolen.\r\nIn a follow-up post, Lapsus$ published a set of credentials for what they say give administrator access to various platforms\r\nused by Globant for developing, reviewing, and collaborating on customer code (Jira, Confluence, GitHub, Crucible).\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 3 of 7\n\nA third post from the gang today shared a torrent file for about 70GB of data stolen from Globant. The company says that\r\nthe intruder on its systems accessed “certain source code and project-related documentation for a very limited number of\r\nclients.”\r\nThe damage appears to be significant.\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 4 of 7\n\nAccording to threat intelligence company SOS Intelligence, the leaked data contains customer information as well as a  code\r\nrepositories with a large number of private keys (full chain, web server SSL certificates, Globant server, API keys).\r\nOne of the repositories is for the Bluecap app for consultancy in the financial sector, that Globant acquired in late 2020.\r\nThe cache that Lapsus$ leaked also includes a little over 150 SQL database files for various customer applications, SOS\r\nIntelligence says.\r\n\"In terms of legitimacy, going just by volume alone it's hard to fabricate that amount of data - however samples of the data\r\nhave been cross referenced with live systems and other methods that show the leak is legitimate and very significant as far\r\nas Globant and Globant's impacted customers are concerned\" - SOS Intelligence\r\nGlobant said today that its investigation into the incident did not reveal any evidence that the hackers compromised other\r\nparts of its infrastructure system.\r\nLapsus$ on LE radar\r\nThe Lapsus$ data extortion group has been constantly making the news due to their attacks on big technological companies,\r\nlike Microsoft, Nvidia, Samsung, Okta, Ubisoft, many of them resulting in big data leaks.\r\nDespite the big names on their victim list, Lapsus$ is believed to be formed mainly by teenagers exercising their hacking\r\nskills driven mainly by making a name on the hacking scene, not by financial motivation.\r\nThe group has been on the radar of law enforcement for a while and some individuals, all teens believed to be connected to\r\nLapsus$, have been arrested in the U.K.\r\nThe FBI is also investigating the activities of the group and has asked the public for any information leading to identifying\r\nLapsus$ members involved in the compromise of computer networks from U.S.-based companies.\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 5 of 7\n\nHowever, it is unclear how many active members are in the group and what roles they play.\r\nIt is believed that Lapsus$ has affiliates all over the world, as their Telegram chats seem to suggest that some of them speak\r\nEnglish, Russian, Turkish, German, and Portuguese.\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 6 of 7\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nhttps://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/\r\nPage 7 of 7", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data/" ], "report_names": [ "globant-confirms-hack-after-lapsus-leaks-70gb-of-stolen-data" ], "threat_actors": [ { "id": "be5097b2-a70f-490f-8c06-250773692fae", "created_at": "2022-10-27T08:27:13.22631Z", "updated_at": "2026-04-10T02:00:05.311385Z", "deleted_at": null, "main_name": "LAPSUS$", "aliases": [ "LAPSUS$", "DEV-0537", "Strawberry Tempest" ], "source_name": "MITRE:LAPSUS$", "tools": [ "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "d4b9608d-af69-43bc-a08a-38167ac6306a", "created_at": "2023-01-06T13:46:39.335061Z", "updated_at": "2026-04-10T02:00:03.291149Z", "deleted_at": null, "main_name": "LAPSUS", "aliases": [ "Lapsus", "LAPSUS$", "DEV-0537", "SLIPPY SPIDER", "Strawberry Tempest", "UNC3661" ], "source_name": "MISPGALAXY:LAPSUS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2347282d-6b88-4fbe-b816-16b156c285ac", "created_at": "2024-06-19T02:03:08.099397Z", "updated_at": "2026-04-10T02:00:03.663831Z", "deleted_at": null, "main_name": "GOLD RAINFOREST", "aliases": [ "Lapsus$", "Slippy Spider ", "Strawberry Tempest " ], "source_name": "Secureworks:GOLD RAINFOREST", "tools": [ "Mimikatz" ], "source_id": "Secureworks", "reports": null }, { "id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b", "created_at": "2022-10-25T16:07:24.503878Z", "updated_at": "2026-04-10T02:00:05.014316Z", "deleted_at": null, "main_name": "Lapsus$", "aliases": [ "DEV-0537", "G1004", "Slippy Spider", "Strawberry Tempest" ], "source_name": "ETDA:Lapsus$", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775439054, "ts_updated_at": 1775826721, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/431b11c6744ba6dbb3fd7c5402165afa058fb869.pdf", "text": "https://archive.orkl.eu/431b11c6744ba6dbb3fd7c5402165afa058fb869.txt", "img": "https://archive.orkl.eu/431b11c6744ba6dbb3fd7c5402165afa058fb869.jpg" } }