OKTA source code dumped as promised by Lapsus$ gang.
03 April 2022
BREACHAWARE HQ
A total of 12 breach events were found and analysed, resulting in 5,644,957 exposed accounts containing a total of 10 different data types of personal data. The breaches found publicly and freely available included Robinhood, Pareto Creditos, Globant, Transneft and Akos Kovacs.
Categories of Personal Data Discovered
Contact Data, Socio-Demographic Data, Technical Data, Usage Data.
Data Breach Analysis
Among the most notable names in this group is Robinhood, the widely used financial services platform known for commission-free stock and crypto trading. Robinhood has previously been in the spotlight due to high-profile security incidents, and its inclusion here again raises concerns over the handling of sensitive financial and personally identifiable information. Breaches linked to financial platforms not only put individual user data at risk but also raise the spectre of fraud, identity theft, and regulatory scrutiny.
Pareto Creditos, a financial credit company, represents another fintech-related entity in this breach set. Companies in the lending and credit scoring space typically handle rich personal profiles, including income details, identification documents, and credit history. A breach in this context could result in targeted attacks against financially vulnerable individuals or abuse of exposed data in loan fraud schemes.
Another significant inclusion is Globant, a multinational software development and IT services firm that serves clients globally across various industries including banking, retail, and media. A compromise involving a vendor like Globant poses a layered risk: not only could internal company data be affected, but so too could systems and services they develop or manage for clients. Third-party risk in the software supply chain is a recurring and growing concern, as attackers look for leverage points within service providers to reach broader targets.
The breach involving Transneft, a Russian state-owned oil pipeline company, highlights the continued threat to critical infrastructure operators. While no operational systems are confirmed affected here, breaches related to energy or industrial sectors can present significant national security implications, particularly if internal communications, engineering data, or employee records are exposed.
Akos Kovacs, listed in this breach collection, may refer to an individual developer, small business, or niche service, a reminder that even smaller digital footprints are not immune to exposure. These entities may not attract the same attention as multinational corporations but can still be targeted as part of broader campaigns or due to vulnerabilities in shared platforms or services.
Though specific data types were not detailed in this overview, the cross-sector nature of these breaches reveals potential risks for consumers, developers, investors, and employees alike. Exposure of even minimal personal or company information can act as a springboard for phishing, impersonation, and further intrusion attempts.
The growing diversity of breach sources, from global fintech brands to sovereign-owned industrial giants, illustrates a shifting threat landscape where attackers are indiscriminate in targeting high-value and high-access data environments. For affected individuals and organisations, the consequences could include unauthorised access to financial systems, account takeovers, legal liabilities, or long-term reputational harm.
In sum, these 12 breaches and their 5.6 million compromised accounts serve as a stark reminder of the persistent vulnerabilities across the digital supply chain. Organisations across all verticals must continue to evolve their cybersecurity defences, while users remain vigilant against the ripple effects of leaked credentials and exposed personal data.
Spotlight
Well, the OKTA source code was dumped as promised by the Lapsus$ gang, and soon after the City of London Police announced they had arrested a bunch of teenagers, with the father of one of the teenagers saying "he is never letting his son near a PC again"! City of London Police said: "Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing."
And what of the OKTA CEO, who should have stuck to a script rather than going off message and stating that all is fine? His comments have created confusion and uncertainty. @Billdamirkapi was tweeting screenshots of confidential data relating to the compromised source code, and we found over 308,304 emails within the associated source code, so his comments did not match up to what everyone was seeing.
Another interesting incident surrounds the breached trading platform Robinhood, which was compromised in November 2021. The data was sold off and hadn't been seen in the wild until a couple of days ago, when it was dumped on a new underground forum. In November you could obtain the data if you were willing to pay for it, or someone would purchase it and give it to you, which in our eyes is unethical. The interesting thing about the Robinhood data was that every time the publicly available data was posted, we witnessed it being taken down extraordinarily quickly.
The conspiracy theorists in the Research Team think the 'feds' really didn't want this circulating on the internet; however, they must have given up, because it's now definitely doing the rounds. Note that a high proportion of the email addresses and associated data types were from free email service providers such as Gmail and Yahoo.
Other notable companies and organisations targeted this week were a Russian oil and gas company (no surprise there) and a European network of almost 2,000 world-class computing systems researchers and industry representatives. We also saw a couple of small data types on SolarWinds and the FBI and, the final one to mention, a lot of data for an Argentine financial services company.