The ransomware group that hit Samsung and Nvidia appears to have struck two new big-name targets in the tech sector: a South American e-commerce giant and a British telecom multinational.
Buenos Aires-based online marketplace MercadoLibre admitted in an SEC filing this week that source code and user data were accessed, although it did not reveal how.
“Although data from approximately 300,000 users (out of our nearly 140 million unique active users) was accessed, to date and according to our initial analysis, we have not found any evidence that our infrastructure systems have been compromised or that any users’ passwords, account balances, investments, financial information or credit card information were obtained. We are taking strict measures to prevent further incidents,” it said.
Separately, Vodafone is reportedly investigating claims that internal data was breached.
Both companies were reportedly cited by ransomware group Lapsus in a message to its subscribers on Telegram this week. The group asked which victim organization’s data should be leaked next: Vodafone, MercadoLibre or Portuguese media firm Impresa.
It claimed to have 200GB of Vodafone source code in its possession.
“We are investigating the claim together with law enforcement, and at this point we cannot comment on the credibility of the claim,” a Vodafone spokesperson told CNBC. “However, what we can say is that generally the types of repositories referenced in the claim contain proprietary source code and do not contain customer data.”
Thought to be based in South America, Lapsus has already made waves in the ransomware market this year with breaches of Nvidia and Samsung. It’s believed to have obtained employee credentials and proprietary information from the former and source code from the latter.
ESET’s global cybersecurity advisor, Jake Moore, argued that ransomware groups are becoming increasingly brazen in how they reveal their victims.
“It is likely the remaining companies will in time also have their leaked data exposed as well,” he said of the Lapsus Telegram poll. “To avoid becoming the next victim, companies must ensure their entire IT infrastructure is safe by immediately patching all network security gateways and endpoint devices.”