Samsung Confirms Galaxy Source Code Stolen In Data Breach, Claims Your Info Is Safe

The hacking group Lapsus$ (or "LAPSUS$") has been extra busy the past couple of weeks. First it breached NVIDIA and stole what it claims is 1TB of data, including what appears to be DLSS source code, and now it has plundered sensitive information from Samsung. Proprietary source code is involved there as well, Samsung confirmed in a statement.

We covered news of the breach over the weekend when Lapsus$ bragged on its Telegram account that it was in possession of a plethora of source code. Lapsus$ apparently swiped over 200GB from Samsung, which is less than the NVIDIA hack, but still includes highly sensitive data.

According to Lapsus$, the haul contains source code for every Trusted Applet (AT) installed on all Galaxy devices. That includes Samsung Knox, Samsung's security and management framework. The group also claims it made off with various other data, such as confidential source code from Qualcomm.

In a statement provided to Bloomberg, Samsung acknowledged that hackers did indeed steal "some source code" related to its Galaxy devices, but downplayed the incident as a whole. Here's the statement in full...
"There was a security breach relating to certain internal company data. According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption."
The stolen data apparently garnered a lot of interest when Lapsus$ made it available to download yesterday. Whether for nefarious purposes or just from people curious about the leak (including researchers), the servers got hammered, which at one point showed a download queue of over 7,000 days.

It doesn't appear as though Lapsus$ has made any public demands yet. This is in contrast to the NVIDIA data breach, in which the ransomware group threatened to release more information unless the GPU maker removed the low hash rate (LHR) lock on its GeForce graphics cards.

Samsung's statement doesn't address whether Lapsus$ has made any private demands, only that some information was stolen.