Samsung Confirms Data Breach, Says Customer Details Weren't Stolen

Samsung Nano City Onyang
(Image credit: Samsung)

Over the weekend, hacking group Lapsus$ claimed to have penetrated Samsung’s servers and made off with 200GB of compressed data. The South Korean business conglomerate confirmed in a statement to Bloomberg that internal company data, including Galaxy smartphone source code, had been exposed.

According to Samsung, customer data or personal information is not at risk. “There was a security breach relating to certain internal company data,” reads Samsung’s statement, which does not identify the attackers. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

A torrent file containing nearly 200GB of data was posted to the hacking group’s Telegram channel late last week, purportedly filled with Samsung source code for device security, including biometric security algorithms and the bootloader. Lapsus$ also claimed to have extracted Knox authentication code, plus details regarding online services and Samsung accounts.

The same group, which appears to be based in South America, attacked Nvidia last week. It claimed to have acquired tens of thousands of employee email details plus two expired code-signing certificates, which are allegedly already in use to sign malware.

Despite the company’s assurances that no user data was stolen and tighter security measures have been put in place, it might be a good idea to change your Samsung passwords and enable two-factor authentication (if you haven’t already). With hackers seemingly on a relentless pursuit of corporate data for extortion purposes, keeping your personal details secure has never been more important. Be sure to also check out our guides to changing passwords in Linux and Windows.

Ian Evenden
Freelance News Writer

Ian Evenden is a UK-based news writer for Tom’s Hardware US. He’ll write about anything, but stories about Raspberry Pi and DIY robots seem to find their way to him.