top of page
  • Writer's pictureNexix Security Labs

Hackers leak 190 GB of alleged Samsung data and source code

Recently, the data extortion gang Lapsus$ published a massive collection of confidential data, claiming to be from Samsung Electronics, the South Korean consumer electronics behemoth.

Lapsus$ released a 20GB document collection from 1TB of data taken from Nvidia GPU designer less than a week ago.

The extortion gang teased about revealing Samsung data with a snapshot of C/C++ instructions in Samsung software in a previous note.

Lapsus$ issued a summary of the imminent leak shortly after tantalizing their followers, claiming that it contained "secret Samsung source code" stemming from a breach.

  • Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)

  • Algorithms for all biometric unlock operations

  • Bootloader source code for all recent Samsung devices

  • Confidential source code from Qualcomm

  • Source code for Samsung’s activation servers

  • Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services

If the information above is correct, Samsung has had a big data breach that could result in significant financial loss.

Lapsus$ divided the disclosed data into three compressed files totaling about 190GB and uploaded them to a torrent that appears to be very popular, with over 400 peers spreading the content. The extortion organization further stated that it would boost the download speed by deploying more servers.

A brief explanation of the content contained in each of the three vaults is also included in the torrent:

Part 1 contains a source code dump as well as other information about Security/Defense/Knox/Bootloader/TrustedApps and other topics.

Part 2 includes a source code dump as well as info on device security and encryption.

Samsung GitHub repositories for mobile defensive engineering, Samsung account backend, Samsung pass backend/frontend, and SES are all included in Part 3. (Bixby, Smartthings, store)

It's unknown if Lapsus$ attempted to contact Samsung for a ransom, like they did with Nvidia.

For more information visit us on:

To schedule an audit you can contact us at:

Your Security | Our Concern

Recent Posts

See All


bottom of page