The threat actor known as Lapsus$ claims to be selling 180GB of internal data allegedly stolen from Ingka Group, the largest franchisee of the IKEA brand, operating hundreds of stores and digital channels across 32 countries.
Cybernews took a look at the claims. Here are the key findings:
- In the data sample, Cybernews researchers found roughly 6,300 directory names referencing internal tools, CMS platforms, and the IKEA Android app, but the actual contents of those directories remain unverified.
- IKEA has not officially confirmed the breach.
- The allegedly stolen data relates to source code, not customer records. The listing references internal source code repositories, e-commerce architecture maps, supply chain logistics systems, cloud infrastructure, and AI/MLOps repositories.
- Even without customer data, the leak poses serious security risks. Exposed source code could reveal unpatched vulnerabilities, internal system architecture, and communication patterns between applications, giving attackers a detailed roadmap for more targeted future attacks.
- The Lapsus$ gang has previously claimed breaches at Adidas, AstraZeneca, Microsoft, Uber and Vodafone.
For more information, here’s the full report: https://cybernews.com/security/ikea-source-code-data-sale-lapsus
This entry was posted on June 2, 2026 at 9:01 am and is filed under Commentary with tags Cybernews.
Hacker group Lapsus$ claims to have stolen 180GB of internal data from IKEA franchisee