CrowdStrike Fires Employee for Leaking Data to Hackers

CrowdStrike Addresses Insider Threat and Alleged Data Breach

CrowdStrike, a leading cybersecurity firm, has publicly stated that a former employee, identified as a “suspicious insider,” was terminated last month. This action followed allegations that the individual disclosed confidential company information to a known hacking group.

Details of the Alleged Breach

A hacking group identifying as Scattered Lapsus$ Hunters disseminated screenshots via a public Telegram channel on Thursday and Friday. These images purportedly demonstrate unauthorized access to CrowdStrike’s internal systems.

The published materials, reviewed by TechCrunch, depict dashboards containing links to internal company resources. This included a user’s Okta dashboard, utilized by employees for accessing internal applications.

Claims of Exploitation via Gainsight

The hackers asserted that they gained access to CrowdStrike through a recent security incident at Gainsight, a customer relationship management company. Gainsight assists Salesforce clients in tracking and managing customer data.

According to the hackers, data obtained from the Gainsight breach was leveraged to infiltrate CrowdStrike’s network.

CrowdStrike’s Response

CrowdStrike has refuted the hackers’ claims, stating they are “false.” The company confirmed that the insider’s access was revoked after it was discovered he had shared screenshots of his computer screen with an external party.

“Our systems were never compromised, and customers remained protected throughout this incident,” stated CrowdStrike spokesperson Kevin Benacci to TechCrunch. “The matter has been referred to the appropriate law enforcement authorities.”

Wider Campaign and Affected Companies

Reports indicate that several other technology companies were also targeted as part of the same hacking campaign. Gainsight has not yet responded to requests for comment from TechCrunch.

About Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters is a collective comprised of multiple hacking groups, including ShinyHunters, Scattered Spider, and Lapsus$. They commonly employ social engineering tactics.

These tactics involve manipulating employees into granting unauthorized access to systems or databases.

Previous Data Breaches

In October, Scattered Lapsus$ Hunters claimed responsibility for stealing over 1 billion records from major corporations that utilize Salesforce for customer data management.

A dedicated data leak site was established, listing compromised data from organizations such as Allianz Life, Qantas, Stellantis, TransUnion, and Workday.