Free market and Payment Market have been hacked by LAPSUS$, the Latin American group that made headlines for doing the same with NVIDIA and Samsung in recent days. In the case of these last two companies, they have also leaked and made public part of the stolen data. As confirmed by the Argentine company in a recent statement, the data of 300 thousand users have been compromised during the attack.
“We have recently detected that part of Mercado Libre’s source code has been subject to unauthorized access. We have activated our security protocols and are carrying out an exhaustive analysis,” says the statement released by the company shortly after 6:00 p.m. in Argentina. , and that shared the journalist Federico Ini on Twitter.
In the said announcement, Mercado Libre acknowledges that the data of 300 thousand users have been accessed by hackers. However, the company indicates that this is a minimum number considering that it has almost 140 million unique active users. “Until now […] We have not found any evidence that our infrastructure systems have been compromised or that user passwords, account balances, investments, financial or payment card information have been obtained.
Although information remains scant, LAPSUS$ claims to have Mercado Libre’s source code (or a snippet, at least) in its possession and plans to release it. The most striking thing is that this was known from a survey that the hackers themselves did on their Telegram channel; there they consulted their followers what the next leak should be, being Free market and Payment Market one of the options.
Despite the confirmation of the hack, much remains to be known about how it happened and what steps to take. Mercado Libre and Mercado Pago have a two-factor authentication system. It can be activated from both applications in My Account/My Profile > Security > Two-Step Verification; you can use a code by text message or Google Authenticator.
Mercado Libre’s delay in confirming this situation is still striking, taking into account that the first tweets related to the then alleged leak appeared on Sunday night. And although the first information related to the hacking went almost unnoticed in the Argentine press, with the passing of the hours there was a growing expectation in social networks around an official communication.
At the time of updating this article, there is still no mention of the event on the social networks of Mercado Libre and Mercado Pago. However, the same statement that was released to journalists – but in English – already appears on the website of the United States Securities and Exchange Commission (SEC).
With the hack confirmed, eyes are on LAPSUS$
According to a screenshot that was disclosed on Twitter, in addition to the source code of the Argentine company’s platforms, LAPSUS$ would also have gained access to those of Vodafone and Printed. The latter is a Portuguese media company, whose databases would also have been leaked.
In the specific case of Mercado Libre and Mercado Pago, the obtaining of 24 thousand software repositories is mentioned. The survey will close next Sunday, March 13, and there it will be defined whether or not the data stolen from the Argentine company comes to light on this occasion. Hours ago, Vodafone led the results with 60% of the votes and ML followed with 28%.
Mercado Libre, a Latin American giant under hacker threat
For those who do not know what Mercado Libre is, we are talking about one of the most important private companies in Latin America. It was founded in Argentina in 1999 as an eBay-style auction site, and since then it has grown relentlessly, making it the most valuable company in Latin America. In fact, at the beginning of 2021 it reached a valuation of over $100 billion; at that time, the rest of the Argentine companies on Wall Street combined did not reach half of their value.
Today Mercado Libre operates in more than a dozen countries, among which Mexico and Brazil stand out, and has more than 15,000 employees.
For its part, Mercado Pago has become one of the most important payment platforms in Argentina. We are talking about a service that has several aspects: on the one hand, it is used to process payments for purchases made on the Mercado Libre site; but it also has an important presence in the trade offline.
Mercado Pago allows you to pay in countless businesses (supermarkets, bars, restaurants, etc.) both through QR codes and with your own POS. And since we are talking about a virtual wallet, you can use the money that you have deposited in it or the credit and debit cards that each user can associate. The application is used to pay for services (electricity, telephony, etc.), load public transport cards, and even buy cryptocurrenciesalthough the latter is only available in Brazil.
But that’s not all, Mercado Libre’s payment platform allows users to invest their money to obtain returns and offers a MasterCard prepaid card. And it has also become a very useful option for carrying out solidarity campaigns. A few weeks ago, the influencer Santiago Maratea raised more than 100 million pesos in a matter of hours to buy equipment for firefighters fighting fires in the province of Corrientes.
