Samsung confirms hackers compromised its systems and stole Galaxy source code

South American hacking group Lapsus$ claimed responsibility last week.


Samsung confirmed Monday that some of its data was stolen as part of a cyberattack that was first reported over the weekend. In a statement to Bloomberg, the Korean electronics giant revealed that a security breach saw "some source code relating to the operation of Galaxy devices" taken but customer and employee credentials were not impacted.

Although Samsung has not revealed the actors behind the compromise, South American hacking group Lapsus$ has claimed responsibility. The organization shared a 190GB torrent file that reportedly includes bootloader source code for all of Samsung's recent devices, as well as code related to the biometric authentication and on-device encryption for Galaxy phones and tablets. Attackers may have also gained access to confidential data related to Qualcomm.

The admission comes less than a week after the same group said it obtained around 1TB of data, including schematics and source code, from chip giant NVIDIA. The company said it became aware of the attack on February 23rd, after which time Lapsus$ had demanded a ransom paid in cryptocurrency to prevent NVIDIA’s files from becoming public. When NVIDIA failed to respond, source code for the company's DLSS technology and information related to as many as six unannounced graphics cards was shared online.

"Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption," Samsung later confirmed in its statement. It is not known whether Lapsus$ issued the same cryptocurrency demands to Samsung, but we've contacted the company for clarification.