Vodafone Investigates Hacker Threat To Release Source Code

Following on from Samsung hack, ransomware group Lapsus$ threatens to release a 200GB data tranche of Vodafone source code

Vodafone is reportedly working with law enforcement to investigate hacking claims made by Brazilian-based hacking group Lapsus$.

Lapsus$ it should be remembered claimed responsibility last week for the data breach of South Korean electronics giant Samsung, which resulted in the theft of 190GB of data.

Then on Monday Samsung confirmed the data breach, and said the stolen data “involves some source codes relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees.”

Samsung compromise

Now Lapsus$ is claiming that it has 200GB worth of Vodafone source code, and according to CNBC, on Monday it asked its subscribers in a poll on the messaging app Telegram: “What should we leak next?” followed by three options.

The first option touted by Lapsus$ is to release around 200GB worth of Vodafone source code. The poll ends on 13 March, CNBC reported.

The other two options are the source code and databases of Portuguese media corporation Impresa and the source code for MercadoLibre and MercadoPago, both Argentinian e-commerce companies.

At the time of publication, Vodafone had 56 percent of the vote.

It is not immediately clear at the time of writing if Lapsus$ obtained any of the Vodafone source code data in the Samsung data breach, or whether it attacked Vodafone separately.

A Vodafone spokesperson meanwhile told CNBC the company is aware of the claims being made by Lapsus$.

“We are investigating the claim together with law enforcement, and at this point we cannot comment on the credibility of the claim,” the spokesperson is quoted as saying.

“However, what we can say is that generally the types of repositories referenced in the claim contain proprietary source code and do not contain customer data.”

MercardoLibre and MercadoPago, did not respond to CNBC’s request for comment.

Impresa’s websites were down and no contact information was available to reach out to the company.

Previous attacks

It comes after Lapsus$ last month hacked GPU powerhouse Nvidia.

The hackers then released a 20GB document archive of 1TB of data stolen from the GPU designer.

Nvidia confirmed that a cyber attacker had leaked employee credentials and some company proprietary information online after their systems were breached.

Vodafone meanwhile has been compromised, before this latest reported attack.

In February, Vodafone’s Portuguese unit was hit with a cyberattack that disrupted its services.

Vodafone said at the time that customers’ personal data had not been compromised.

But that attack was so serious that Vodafone Portugal’s 4G/5G mobile networks were taken down, as was SMS texts, television services, answering services, and even fixed-line voice.

Prior to that in 2015 Vodafone suspended the accounts of nearly two thousand customers after their details were found to have been accessed by outside sources.

Around 1,800 Vodafone customers were affected by that 2015 breach, which saw details such as names, passwords and telephone numbers grabbed by hackers.