CrowdStrike fires ‘suspicious insider’ who passed information to hackers

Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group.

A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed insider access to CrowdStrike systems. The screenshots, which TechCrunch has seen, show dashboards containing links to company resources, including a user’s Okta dashboard used by employees for accessing internal apps.

The hackers claimed in the Telegram channel to have compromised CrowdStrike through a recent breach at Gainsight, a customer relationship management company that helps Salesforce customers track and manage their own customers’ data. The hackers said they used information stolen from Gainsight to break into CrowdStrike.

But CrowdStrike says the hackers’ claims are “false,” and says it terminated the insider’s access after the company “determined he shared pictures of his computer screen externally.”

“Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Benacci told TechCrunch.

Several other tech companies were allegedly hacked as part of the same campaign. Gainsight did not respond to TechCrunch’s requests for comment.

Scattered Lapsus$ Hunters is a collective of hackers made up of several hacking groups, notably ShinyHunters, Scattered Spider, and Lapsus$. The group’s members use social engineering techniques to trick employees into granting them access to their systems or databases. 

In October, Scattered Lapsus$ Hunters claimed to have stolen more than 1 billion records from corporate giants who rely on Salesforce to host their customer data. The hackers published a data leak site listing data stolen from companies, including insurance giant Allianz Life, the airline Qantas, carmaker Stellantis, credit bureau TransUnion, the employee management platform Workday, and others.