The cybercriminal group “Lapsus” claims to have stolen sensitive information from Mercado Libre and Mercado Pago. The company founded by Marcos Galperín issued a statement confirming that, following an unauthorized login, “the data of approximately 300 thousand users was accessed”, out of the total of 140 million users it has across both platforms.
Rumors of a possible hack began to circulate on Sunday night. Lapsus posted a poll on its broadcast channel asking members to vote on its next victim. On the list were Vodafone, Company, Mercado Libre and Mercado Pago.
This Monday afternoon Mercado Libre confirmed that there was unauthorized access: “We have recently detected that part of the source code of Mercado Libre, Inc. has been subject to unauthorized access. We have activated our security protocols and are conducting a thorough analysis.”
These cybercriminal groups operate through ransomware extortion: a type of virus that blocks user information and demands a ransom in exchange, as happened with Migraciones in 2020 and the unauthorized access to Renaper in 2021.
In the poll, the group claims to have stolen 24,000 source code libraries (repositories) from the company. What does this mean?
“A repository is simply a folder in the cloud with software source code, on some server or service that stores information. Just as there is Google Drive to store personal files, there are repositories to store the source code of the programs”, explained Maximiliano Firtman, an expert programmer and teacher, to Clarín.
“Having the source code of a program allows you to know how it works. Imagine a museum where the crown jewels are kept. The jewels are the user data (passwords, credit cards) and money. That wouldn’t be broken if only the repositories showed up. What appeared are the complete plans of the museum and the adjoining buildings, along with the design of alarms and the protocol of the security guards. The seriousness is that criminals would now have incalculably valuable information to commit crimes. It doesn’t mean they can because you still have to go in and steal the jewels, but they have much more information than before,” adds the expert.
“There could now be many criminal groups trying to attack the company if they find vulnerabilities in those blueprints. The ideal is to always be attentive, configure notifications to be notified immediately of changes in our accounts or money transfers and always enable second factor authentication”, he recommends.
The number of repositories that Lapsus claims to have is striking: 24,000, which is a lot. However, Mercado Libre is one of the companies with the most code libraries in the world.
“24,000 programs is a lot. Nevertheless, Mercado Libre uses a software production technique called microservices where instead of making a large software (for example, one for all of MercadoPago) they make a lot of very small software for each functionality (for example, one to receive money, another to pay for services, another to change the password and so on)”, clarifies Firtman.
“A year ago the information was published that MercadoLibre was one of the companies with the most code repositories in the world and they numbered 13,000. 11,000 in a year sounds like a lot but there could also be a lot of repositories that are just tests or even exercises people are doing as interns. It cannot be confirmed without seeing the content”, says the expert, who is also director of the IT Master Academy programming academy.
Mercado Libre’s position
The Wall Street-listed company issued the following statement to the press around 6 p.m. Monday:
We have recently detected that part of the MercadoLibre, Inc. source code has been subject to unauthorized access. We have activated our security protocols and are conducting a thorough analysis.
Although the data of approximately 300,000 users (out of nearly 140 million unique active users) was accessed, so far – and based on our initial analysis – we have not found any evidence that our infrastructure systems have been compromised or that user passwords, account balances, investments, financial or payment card information have been obtained. We are taking strict measures to prevent further incidents.
In addition, it published the information in its report to investors.
Data breaches often affect the reputation of companies. However, it must be remembered that, from Yahoo to Microsoft to Facebook, almost none have been spared by cybercriminals.
Lapsus: what is known and the Latin American connection
Lapsus was recently in the news for leaking Samsung data. Last Friday they uploaded a file divided into three parts with data from the South Korean company, which could be downloaded through a torrent.
Some experts say that Lapsus is a Latin American group of cybercriminals that operates with ransomware, the type of program used to extort victims by stealing sensitive information and making it public.
In fact, in the official communication channel they use, there are messages in Portuguese, something that is not so common in the cybercriminal environment: they usually post messages in English or in languages with Cyrillic characters (Russian and Ukrainian, for example).
Nvidia, the largest chip manufacturer in the United States, was also the victim of a cyberattack by this group, with very serious consequences: the attackers managed to leak very sensitive material in a dump of more than 1 TB.
As part of its extortion, Lapsus had demanded that Nvidia disable “LHR”, a software limit on its graphics cards, in order to unlock their full potential for crypto mining. Since the company did not give in, the group leaked the source code of some of its most important technologies, such as DLSS.
It remains to be seen whether they will ultimately publish the 24,000 repositories, or whether the threat goes no further than a poll.