Seven people ranging from ages 16 to 21 have been arrested by police in the United Kingdom for having connections to the infamous Lapsus$ group. Over the last month, the hacking group has claimed responsibility for breaching the security systems and stealing code and confidential documents from numerous tech companies including Nvidia, Microsoft, EA, Ubisoft, Samsung, and Okta.
What do we know so far about the Lapsus$ group hack arrests?
The arrests come after an initial report on Bloomberg which revealed that a teenager residing in Oxford, U.K. had come under suspicion of being one of the masterminds of Lapsus$ group. Going by the online monikers “White” and “Breachbase,” the 16-year-old was tracked down easily as he was doxxed by rival hackers.
The teenager had been the owner of a site called Doxbin, where people can search for personal information on others, according to a report on TechCrunch. However, when he relinquished control over Doxbin, he decided to leak the entire data set of the site to Telegram, prompting the community to reciprocate by releasing the teenager’s personal information such as his address and social media photos.
It is unclear whether this 16-year-old is one of the seven arrested in connection with Lapsus$ group, but Bloomberg reports that the teenager has not been publicly accused by law enforcement of any wrongdoing thus far.
Security researchers say that the 45,000 subscribers to the Lapsus$ group Telegram channel make a habit out of not covering its tracks. Indeed, Microsoft released a security-related blog post indicating that the organization uses brazen tactics and social engineering hacks to gain the credentials of various employees within the companies they seek to hack. They also enjoy trolling their victims, going as far as joining Zoom conference calls of those companies to flaunt their security breaches.