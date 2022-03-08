The Mercado Libre company confirmed today through a statement the rumor that had circulated through social networks throughout the day: suffered an episode of cybercrime and hackers accessed the data of 300,000 of its users . Despite this, according to “an initial analysis”, the company founded by Marcos Galperín assured that there was no access to accounts or theft of passwords.

“We have recently detected that part of the source code of Mercado Libre, Inc. has been subject to unauthorized access. We have activated our security protocols and are conducting a thorough analysis”, said the Mercado Libre statement.

“Although the data of approximately 300,000 users (out of almost 140 million unique active users) was accessed, so far – and based on our initial analysis – we have not found any evidence that our infrastructure systems have been compromised or that they have been compromised. have obtained user passwords, account balances, investments, financial or payment card information,” the message added.

The company is “taking strict measures to prevent further incidents“, As reported.

Behind the hack appears a group known as Lapsus$, responsible for other episodes of information theft for extortion purposes. Lapsus $ published among his followers a poll inviting them to choose the next hack: “What should our next leak be?” The options were access to the source code of Vodafone, Impresa, or Mercado Libre, in which he detailed that he had accessed 24,000 repositories.

A few hours after the threat and in the face of viralization on social networks, Mercado Libre confirmed the attack.

Lapsus$ made the news a few days ago for another computer attack, this time against Nvidia, the world’s leading developer of integrated circuits and graphics technology processors. Nvidia was the victim of a cyber attack that compromised confidential company information. Lapsus$ took responsibility for the fact and said that it was able to extract 1 terabyte of data.

“We have no evidence that it is being implemented ransomware in the Nvidia environment or related to the conflict between Russia and Ukraine. However, we are aware that the threat actor took employee credentials and certain NVIDIA proprietary information from our systems and began leaking it online,” the company noted.

Ransomware, a form of cybercrime followed by Lapsus$ and other hacker gangs, consists of hijacking data using malicious software (malware) that encrypts files preventing the user from accessing the content. In this way, the data is hijacked, encrypted and inaccessible for the victim until ransom payment, generally through cryptocurrencies.

The episode forced Mercado Libre, a company listed on the New York Stock Exchange and included in the Nasdaq, the index of technology companies, to inform its investors. So he sent a note to the Security and Exchange Commission (SEC), the body that regulates the capital market, similar to the National Securities Commission in Argentina. This submission is known as the “8 K form”, through which the company informs those facts about its activity that may be relevant both for its shareholders and for the rest of the market and its regulatory bodies.

At the level of the Argentine market, the hacking of Mercado Libre comes at a time when it is developing an intense debate between banks and fintech for the security of the operations in which they interactas reported Infobae In the past week. The regulations indicate that transfers between bank and virtual accounts (such as those of Mercado Pago) must be made under equal conditions. Despite this, many leading banks put caps on these money transfers.

The banks’ argument to justify The limits on the transfer of money to fintech is that their security systems are not solid enough and that with the limits on transfers, illicit ones were reduced. They also explain that digital wallets do not always have a second “authentication factor”, that is, two ways to identify themselves. The first is by entering username and password; the second key can be a token, a text message, Google Authenticator or support the fingerprint, among other ways.

