Vodafone investigates claims of a data breach made by Lapsus$ gang

Vodafone is investigating a recently suffered cyberattack, after a ransomware gang Lapsus$ claimed to have stolen its source code.

Vodafone announced to have launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source code.

The Lapsus$ gang claims to have stolen approximately 200 GB of source code files, allegedly contained in 5,000 GitHub repositories.

Early this week, the cybercrime group asked their subscribers in a poll on messaging app Telegram: “What should we leak next?” followed by three options:

• Vodafone source code.
• The source code and databases of Portuguese media corporation Impresa,
• The source code for MercadoLibre and MercadoPago e-commerce companies.

The poll will end on March 13.

“We are investigating the claim together with law enforcement, and at this point we cannot comment on the credibility of the claim.” a Vodafone spokesperson told CNBC. “However, what we can say is that generally the types of repositories referenced in the claim contain proprietary source code and do not contain customer data.”

In February, Vodafone Portugal suffered a major cyberattack that caused service outages in the country, media reported the temporary disruption of 4G/5G communications and television services.

The Lapsus$ gang recently claimed to have stolen sensitive data from NVIDIA and Samsung.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Vodafone)

[adrotate banner=”5″]

[adrotate banner=”13″]