Data leak
TechCrunch / BleepingComputer / SecurityAffairs
Primary Source βIncident Details
Lapsus$ hacking group leaked 190GB of alleged Samsung source code and proprietary data in March 2022. Stolen data included: TrustZone trusted applet source code, biometric unlock algorithms, Galaxy device bootloader source code, Qualcomm confidential source code, activation servers source code. Samsung confirmed breach but stated no consumer personal data was stolen. Occurred 2 weeks after Lapsus$ breached Nvidia. Source code exposure risks enable targeted vulnerability discovery.
Technical Details
- Initial Attack Vector
- CWE-522: Insufficiently Protected Credentials (exact vector not disclosed; Lapsus$ used credential theft and social engineering techniques)
- Vendor / Product
- Samsung Electronics
Timeline
- 2022-03-04 Breach occurred
- 2022-03-07 Publicly disclosed
- 2022-03-07 Customers notified