Samsung has reportedly suffered a significant data breach via the same group that claimed to be responsible for last month’s hack of Nvidia.
According to Bleeping Computer, the LAPSUS$ hacking extortion group compromised Samsung and has begun to release confidential information obtained from the company.
The group has released the information in a torrent, it’s claimed, which at the time of writing appears to have been shared by hundreds of users.
LAPSUS$ began teasing the leak early on March 4, according to Bleeping Computer, posting screenshots of C/C++ directives in Samsung software.
VGC has not independently verified the contents of the torrent and Samsung have yet to comment on the security breach.
Reportedly the hacker group has obtained almost 190GB of information, which includes source code for “every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)”.
Also allegedly stolen were algorithms for all biometric tech that Samsung uses across its products, which would include things like fingerprint information and facial recognition technology.
The group is also alleged to have stolen bootloader source code for all recent Samsung devices, and source code from Qualcomm and technology that’s used for authorizing and authenticating Samsung accounts, including APIs and services.
This may mean that any users with Samsung products or services may want to change or secure their accounts before they are put in potential danger.
It’s not clear how the group plans to use this information, or if the information could be used in a malicious way beyond revealing trade secrets.
The group, which also claimed responsibility for a previous hack on Nvida during which it allegedly obtained the source code for the company’s DLSS technology, hasn’t made it clear if they’ve demanded money from Samsung, as they had claimed to do with Nvidia.