Samsung Confirms Data Breach by Hackers, Involving Source Code of Galaxy Smartphones

Mobile

Samsung has suffered a cybersecurity breach, the company revealed on Monday. The South Korean technology giant explained that the breach resulted in the exposure of internal company data. Some of the data that was exposed to the hacking group included the source code for Samsung Galaxy smartphones, but personal data of customers or its employees was not affected. The Lapsus$ hacking group had previously claimed responsibility for the breach. The company said it has taken measures to prevent breaches in the future.

On Monday, Samsung confirmed in a statement to Bloomberg News that it had suffered a cybersecurity breach, relating to certain “internal company data”. The company has not identified the group behind the hacking in the statement. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers,” Samsung explained in the statement.

Last week, hacking group Lapsus$ claimed responsibility for an attack on Samsung, then uploaded a snapshot of the company’s software gained from the attack online. The data exposed in the breach is said to include up to 190GB of data — including algorithms for bootloader source code and mobile biometric authentication — which has been uploaded as a torrent, according to a report by BleepingComputer. Lapsus$ previously claimed responsibility for a cyberattack on Nvidia, publishing a 20GB archive out of 1TB of data stolen from the GPU manufacturer.

Previously, the Lapsus$ hacking group had reportedly attempted to extort Nvidia, threatening to leak the company’s data unless it open sourced its graphics drivers and disabled the limits on cryptocurrency mining on certain GPUs. Samsung has not revealed whether the hacking group made any demands, before publishing the data online. However, the company stated that the compromised data does not include the personal information of consumers of employees. “We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” the company said its statement to Bloomberg.


For details of the latest Nokia, Samsung, Lenovo, and other product launches from the Mobile World Congress in Barcelona, visit our MWC 2022 hub.


As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, as well as on Twitter at @DxDavey. 
More