Cyber Incident Victim: Mercado Libre

On or around March 7, 2022, Argentinian e-commerce giant Mercado Libre experienced unauthorized access to a portion of its source code and user data. The incident came to light following a public poll by the extortion group Lapsus$, which threatened to leak data allegedly stolen from Mercado Libre and other companies. Mercado Libre confirmed the breach through a March 8 press release and SEC Form 8-K filing, disclosing that attackers had accessed source code repositories and information belonging to approximately 300,000 users. Initial analysis indicated no compromise of the company's core IT infrastructure systems. The organization emphasized that sensitive user credentials and financial data—including passwords, account balances, investments, and credit card information—remained unaffected based on available evidence.

Mercado Libre immediately activated security protocols following the breach detection and initiated a comprehensive forensic analysis. The company implemented strict measures to prevent further incidents while maintaining that operational systems continued functioning normally. With 140 million active users across 18 Latin American countries, the breach represented a significant security event for the region's largest e-commerce and payments ecosystem. The confirmed impact remained limited to source code exposure and partial user data access at the time of reporting, with no evidence suggesting broader system infiltration or financial system compromise. Mercado Libre maintained ongoing investigations to determine the full scope while coordinating with relevant authorities and stakeholders.