Lapsus$, a hacker organisation, recently attacked Nvidia, asking that the chipmaker remove a feature in select GPUs that caps hash rates while mining Ethereum cryptocurrency. The hackers demonstrated their authority by first exposing internal Nvidia email addresses and cryptographically encrypted passwords, then imposing a March 4 deadline. Lapsus$ isn't stopping there; now Samsung is under attack, and precious source code is at danger once more.
The fresh breach is revealed in a report from Bleeping Computer, which describes Lapsus$ as a "extortion gang" and claims the organisation originally uploaded an image of code for Samsung software before detailing what was exfiltrated from the South Korean electronics giant's computers. The stolen data appears to contain critical information, such as algorithms for all biometric unlocking processes, the source code for the bootloader for newer Samsung products, and all of the source code underlying the process of approving and authenticating Samsung accounts.
If all of the accusations are true, it is a serious breach. The material is apparently torrentable, with Lapsus$ compressing it into compressed files totaling approximately 190GB. According to Bleeping Computer, the hack is not a kidnapping, as there was no indication of a ransom demand as of Saturday. The cat is also out of the bag, with around 400 peers purportedly sharing the information and the hackers indicating intentions to increase download speeds with new servers.
It's unclear how consumers will react to this hack, but you don't have to understand programming or the nitty-gritty details of cybersecurity to see why this could be a setback for one of the world's largest electronics companies — Nasdaq.com reports that the Nvidia breach definitely impacted the chipmaker's bottom line, with its stocks closing lower than the rest of the market on Friday. When the markets open on Monday, Samsung may learn the true monetary value of the harm done.