CrowdStrike Insider Leaked Data to Hackers Before Firing
▼ Summary
– CrowdStrike fired a suspicious insider last month for allegedly sharing company information with the hacking group Scattered Lapsus$ Hunters.
– The hackers claimed to have breached CrowdStrike using data stolen from Gainsight, a customer relationship management company.
– CrowdStrike denied the hackers’ claims, stating their systems were never compromised and customer data remained protected.
– The company terminated the insider’s access after determining they shared screenshots externally and referred the case to law enforcement.
– Scattered Lapsus$ Hunters is a hacking collective known for using social engineering and previously claimed to have stolen over 1 billion records from major companies.
Cybersecurity firm CrowdStrike has confirmed terminating an employee last month after discovering the individual shared confidential company information with a well-known hacking collective. The incident came to light when a group calling itself Scattered Lapsus$ Hunters posted screenshots in a public Telegram channel, purportedly showing internal access to CrowdStrike’s systems. These images displayed dashboards with links to company resources, including an employee’s Okta dashboard used for accessing internal applications.
The hackers asserted they gained entry to CrowdStrike by exploiting a recent security breach at Gainsight, a customer relationship management platform utilized by Salesforce clients. According to their claims, stolen Gainsight data provided the foothold needed to infiltrate CrowdStrike’s network. However, CrowdStrike firmly denies these allegations, stating its infrastructure was never actually compromised.
A company spokesperson explained that the terminated insider had taken and shared photographs of his computer screen externally. Upon discovering this activity, CrowdStrike immediately revoked the individual’s access. The spokesperson emphasized that customer systems remained secure and protected throughout the incident, adding that the matter has been referred to law enforcement authorities for further investigation.
This event appears connected to a broader hacking campaign targeting multiple technology companies. Gainsight, the CRM provider implicated by the hackers, did not respond to media inquiries regarding the situation.
Scattered Lapsus$ Hunters is a hacking alliance composed of several notorious groups, including ShinyHunters, Scattered Spider, and Lapsus$. These actors frequently employ social engineering tactics to deceive corporate employees into providing system access or database credentials.
In a related development from October, the same collective claimed responsibility for stealing over one billion records from major corporations that use Salesforce for customer data hosting. The hackers published a dedicated leak site listing affected organizations, which included insurance leader Allianz Life, airline Qantas, automaker Stellantis, credit bureau TransUnion, and HR platform Workday, among others.
(Source: TechCrunch)
