CrowdStrike fires a “suspicious insider” who passed information to hackers

Cybersecurity giant CrowdStrike has confirmed the firing last month of a “suspicious insider” who allegedly provided a notorious hacking group with information about the company.

The hacking group known as Scattered Lapsus$ Hunters posted screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed internal access to CrowdStrike’s systems. The screenshots, seen by TechCrunch, show dashboards with links to company resources, including Okta’s user dashboard that employees use to access internal applications.

Hackers in a Telegram channel claimed to have compromised CrowdStrike through a recent hack at Gainsight, a CRM company that helps Salesforce customers track and manage their customer data. The hackers said they used information stolen from Gainsight to break into CrowdStrike.

But CrowdStrike says the hackers’ claims are “false,” and says it terminated the insider’s access after the company “determined he had shared images of his computer screen externally.”

“Our systems were never compromised and customers remained protected the entire time. We have referred the case to the relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Pennacci told TechCrunch.

Several other tech companies were allegedly hacked as part of the same campaign. Gainsight did not respond to TechCrunch’s requests for comment.

Scattered Lapsus$ Hunters is a hacker collective consisting of several hacking groups, most notably ShinyHunters, Scattered Spider, and Lapsus$. Members of the group use social engineering techniques to trick employees into giving them access to their systems or databases.

In October, Scattered Lapsus$ Hunters claimed to have stolen more than a billion records from giant companies that rely on Salesforce to host their customer data. Hackers posted a data leak site listing data stolen from companies, including insurance giant Allianz Life, airline Qantas, carmaker Stellantis, credit bureau TransUnion, employee management platform Workday, and others.