Samsung has confirmed that it has suffered a massive data breach that has leaked critical company information, including source code related to its Galaxy smartphones. Hackings and cyber-attacks are becoming increasingly common in recent years. Even the most prominent companies that spend millions of dollars every year in cyber-security are not immune to such problems. Several companies have reported massive data breaches of late, and there have also been reports of state-sponsored hackings against activists, opposition politicians, journalists, foreign diplomats, etc.
The news of the Samsung hack comes just days after NVIDIA said it detected a massive data breach that reportedly leaked information about the company's next-gen GPUs, codenamed Ada, Hopper and Blackwell. It also seemingly revealed that a new Nintendo Switch model is under development. A ransomware group called 'Lapsus$' has claimed responsibility for the hack. It is also threatening to release the LHR V2 bypass software that would help users circumvent the hash rate limiter that NVIDIA implemented in its RTX 30-series GPUs.
On Monday, in a statement to Bloomberg, Samsung admitted suffering a data breach that leaked vast amounts of internal company data. Around 190GB of confidential data has already reportedly been dumped online, including the source code for every Trusted Applet installed in Samsung's TrustZone environment used for encryption, access control, and hardware cryptography, according to a description of the leak published online. Some of the other leaked information reportedly includes algorithms for biometric unlock operations in smartphones, bootloader source codes for Galaxy devices, and many different source codes for Samsung's account authentications and other operations.
No Customer Data Leaked: Samsung
Samsung did not confirm nor deny the specific claims by Lapsu$, but said that the leaked information includes "some source code relating to the operation of Galaxy devices." The company also denied that any personal information of employees or customers was revealed and added that the breached data isn't expected to impact its customers or its business. It also claimed to have implemented "measures to prevent further such incidents" in the future.
Samsung did not publicly identify the attacker(s), but Lapsu$, the same group that recently hacked NVIDIA, also claimed to be behind the Samsung attack. In the case of the NVIDIA hack, the group threatened to dump the data online if the company didn't remove cryptocurrency mining limiters from its GPUs, but it's not immediately clear what it wants from Samsung in return for keeping the data private. Samsung didn't mention anything about the group's demands, nor have the hackers revealed their demands publicly.
Source: Bloomberg