As the analysis of the recently leaked Samsung source code showed, it contains thousands of private keys, and some of them will be very useful to cybercriminals.
The code analysis was carried out by experts from GitGuardian, a company specializing in Git security scanning and identifying confidential data.
Recall that Samsung’s source code was stolen by the South American cybercrime group Lapsus$, which over the past few weeks has claimed responsibility for hacking NVIDIA, Samsung, Ubisoft and Vodafone. In many cases, hackers seem to have obtained the source code of companies and published it.
In the case of Samsung, cybercriminals claimed the theft of 190 GB of data, and the company confirmed that the compromised information contains source code related to Galaxy devices.
Analysts have identified more than 6.6 thousand private keys, usernames and passwords, AWS, Google and GitHub keys in the leaked Samsung source code. How many of them are authentic remains to be seen. However, as the analysis showed, 90% of the keys seem to be connected to internal systems, and it may be difficult for attackers to use them. On the other hand, the remaining 600 keys can provide hackers with access to various systems and services.
A few months ago, GitGuardian specialists also analyzed the source code stolen from the Twitch streaming service owned by Amazon. Hackers got hold of this source code and published about 6 thousand internal Git repositories.
The researchers found about 6.6 thousand keys in these repositories, including AWS, Twilio, Google API, GitHub OAuth, etc.
According to a recent GitGuardian study, more than 6 million confidential data was compromised in GitHub public repositories in 2021.