The Lapsus$ hacking gang has claimed responsibility for gaining access to firm data from Nvidia, Samsung, Ubisoft, Okta, and even Microsoft in recent weeks, and according to a new Bloomberg article, an England-based teenager may be in charge of the operation.
According to Bloomberg, “four researchers researching the hacking organization Lapsus$ on behalf of firms that were targeted” believe the adolescent is the mastermind. The adolescent, who goes by the online handles “White” and “breachbase,” has not been charged by authorities, and the researchers “haven’t been able to clearly tie him to every hack Lapsus$ has claimed,” according to Bloomberg.
Bloomberg claims it was able to talk with the teenager’s mother for 10 minutes using a “doorbell intercom system” at his home, which is roughly five miles outside of Oxford University. The teen’s mother informed the magazine that she was unaware of the charges. Bloomberg said that “she refused to discuss her son in any manner or make him accessible for an interview, saying the incident was a concern for law enforcement and that she was calling the cops.”
However, Lapsus$ does not appear to be limited to the England-based adolescent. According to Bloomberg, one of the organization’s alleged members is a Brazilian adolescent, and seven different accounts have been linked to the gang. According to one person participating in the group’s study, one of the members is evidently such a skilled hacker that researchers assumed the job was automated.
A core member of Lapsus$, who may have used the names “Oklaqq” and “WhiteDoxbin,” according to cybersecurity expert Brian Krebs, also owned Doxbin, a website where users may publish or search for the personal information of others for the purposes of doxing.
This WhiteDoxbin individual apparently wasn’t the best admin and had to sell the site back to its previous owner, but he leaked “the entire Doxbin data set,” prompting the Doxbin community to dox WhiteDoxbin, “including videos allegedly shot at night outside his home in the United Kingdom,” according to Krebs.
This individual might possibly be linked to the EA data hack from last year, according to Krebs. The name “breachbase” may connect the person between Bloomberg and Krebs.