Globant (and customers) leak by Lapsus$ Group

March 30, 2022

Lapsus$ is back and on fire: today we got a new leak with Globant.com admin credentials and a 70GB torrent from Globant customers. Keep in mind that no torrent files are hosted on this website.

Globant is an IT and software development company operating in Argentina, Colombia, Uruguay, the United Kingdom, Brazil, the United States, Canada, Peru, India, Mexico, Chile, Costa Rica, Ecuador, Spain, France, Germany, Romania and Belarus. It was formed in 2003 by Martín Migoya, Guibert Englebienne, Martín Umaran and Néstor Nocetti. It was founded in Buenos Aires, but is currently headquartered in Luxembourg and principally serves clients in the United States and United Kingdom.

Original messages from Lapsus$ Group are below.

First:

For anyone who is interested about the poor security practices in use at Globant.com. I will expose the admin credentials for ALL their devops platforms below.

https://confluence.globant.com/
https://confluence.corp.globant.com/ (massive, over 3000 spaces of customer documents)
admin
oighiegh

https://crucible.globant.com/
https://crucible.corp.globant.com/
admin
aiyiushe

https://jira.globant.com/
https://jira.corp.globant.com/
admin
ohgheibi
admin2
ohgheibi

https://github.globant.com/
https://github.corp.globant.com/
syed.aleem
New123456789!!!

Second:

Leak of some customers source code from Globant.com corp GHE and GHE

Around 70gb.

Enjoy!

Downloads

Magnet link:


The original torrent file is here (use Tor browser). The SHA256 of the file is 948b53a49561fda9fdf8da28ff7bafeae1c814777a17ccd974eef4b705719775. It’s a v2 torrent and won’t open in clients that don’t support v2 torrents, like Transmission.

Contents (image provided by Lapsus$):

Update: There are API keys for internet-facing services in the Citibank source folder. No bueno, senor.

globant.rar

Size: 59,058,182,036 bytes, 73,935,137,695 bytes expanded.

Git repos:

$ find . -type d -name ".git" | wc -l
842

Keys:

$ find . -type f -name "*.key"
./racetrac/racetrac-azure-templates/PreProd/AzurePreProdEnvironment/UbuntuVM/Keys/ubuntu-preprod-public.key
./racetrac/racetrac-azure-templates/PreProd/AzurePreProdEnvironment/UbuntuVM/Keys/ubuntu-preprod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-preprod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-dev-public.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-prod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-preprod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-dev-private.key
./racetrac/racetrac-azure-templates/Resource upload files/Ubuntu VMs/ubuntu-prod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-preprod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel73-prod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-prod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-dev-public.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel73-preprod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-dev-private.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel73-preprod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-prod-public.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel73-prod-private.key
./racetrac/racetrac-azure-templates/Resource upload files/RHEL VMs/rhel-preprod-private.key
./Galicia-Agro/gres-grecosystem-bff/app/config/public.key
./Galicia-Agro/gres-grecosystem-bff/app/config/private.key
./Galicia-Agro/gres-grecosystem-bff/server.key
./Citibanamex/marketplace/sslcert/server.key
./CloudNativePatrol/vms-cli/cli_vms/certs/client.key
./Arcos-Dorados/app-db-migration-api-services/src/main/resources/ssl_certificate/postgresql.key
./Communication/DXPNXT/web/themes/custom/globant_corp_theme/node_modules/node-gyp/test/fixtures/server.key
./Communication/drupaldays/web/themes/custom/globant_corp_theme/node_modules/node-gyp/test/fixtures/server.key
./Communication/DMKT-Meetup/web/themes/custom/globant_corp_theme/node_modules/node-gyp/test/fixtures/server.key
./Globant/microsites-giant-monkey-robot/wp-content/plugins/wordfence/lib/noc1.key
./Globant/microsites-giant-monkey-robot/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/rules.key
./Globant/microsites-giant-monkey-robot/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/falsepositive.key
./Globant/microsites-xappia/wp-content/plugins/wordfence/lib/noc1.key
./Globant/microsites-xappia/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/rules.key
./Globant/microsites-xappia/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/falsepositive.key
./Globant/microsites-bluecap/cert/bluecap.com.key
./Globant/drupal-local-environment/configurations/nginx/ssl/certificate.key
./Globant/microsites-inspire/wp-content/plugins/wordfence/lib/noc1.key
./Globant/microsites-inspire/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/rules.key
./Globant/microsites-inspire/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/falsepositive.key
./Globant/base-image-wp/wp-content/plugins/wordfence/lib/noc1.key
./Globant/base-image-wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/rules.key
./Globant/base-image-wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/falsepositive.key
./Globant/microsites-sentinel-report/wp-content/plugins/wordfence/lib/noc1.key
./Globant/microsites-sentinel-report/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/rules.key
./Globant/microsites-sentinel-report/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/falsepositive.key
./FluentLab/license-manager/license-manager/src/main/resources/public.key
./FluentLab/license-manager/license-generator/src/main/resources/private.key
./apple-health-app/smu-fork/node_modules/node-gyp/test/fixtures/server.key
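
The `*.key` name match above mixes public keys and vendored `node_modules` fixtures with real secrets, and misses private keys stored under other names. For auditing a checkout you are responsible for, the following added example (not part of the original article) matches on PEM content instead. The function names and the sample tree are assumptions made for illustration, and GNU grep is assumed.

```shell
#!/bin/sh
# Added example: audit a checkout you own for committed private keys.
# All file names in the sample tree are constructed for illustration.

# audit_private_keys ROOT
# Prints "<class><TAB><path>" for every text file holding a PEM private-key
# header; class is "vendored" under node_modules, otherwise "first-party".
audit_private_keys() {
  # -r recurse, -I skip binaries, -l names only, -E extended regex (GNU grep).
  # The pattern covers RSA/EC/OPENSSH/ENCRYPTED and bare PKCS#8 headers.
  grep -rIlE -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1" 2>/dev/null |
  while IFS= read -r path; do
    case "$path" in
      */node_modules/*) printf 'vendored\t%s\n' "$path" ;;
      *)                printf 'first-party\t%s\n' "$path" ;;
    esac
  done | sort
}

# count_class ROOT CLASS -> number of findings in that class (0 if none)
count_class() {
  audit_private_keys "$1" |
    awk -F'\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# pem FILE LABEL -> write a constructed PEM-shaped file (no real key material)
pem() {
  printf '%s\n' "-----BEGIN $2-----" 'CONSTRUCTED-SAMPLE' "-----END $2-----" > "$1"
}

# make_sample_tree -> path of a temporary tree with layouts like those listed
make_sample_tree() {
  t=$(mktemp -d) || return 1
  mkdir -p "$t/app/config" "$t/deploy" "$t/web/node_modules/node-gyp/test/fixtures"
  pem "$t/app/config/private.key" 'RSA PRIVATE KEY'
  pem "$t/app/config/public.key"  'PUBLIC KEY'          # matches *.key, not a secret
  pem "$t/deploy/id_ed25519"      'OPENSSH PRIVATE KEY' # secret that *.key misses
  pem "$t/web/node_modules/node-gyp/test/fixtures/server.key" 'PRIVATE KEY'
  echo "$t"
}

# Demo on the constructed tree; point audit_private_keys at a real checkout instead.
demo=$(make_sample_tree) && audit_private_keys "$demo"
rm -rf "$demo"
```

First-party findings are the ones to rotate and purge from history; vendored hits are third-party files shipped with dependencies and should be reviewed rather than assumed harmless.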