CrowdStrike dismisses ‘questionable employee’ for leaking data to cybercriminals.

Cybersecurity firm CrowdStrike has verified it dismissed a “suspicious insider” during the prior month who supposedly gave data concerning the firm to a well-known hacking organization.

A hacking group identified as Scattered Lapsus$ Hunters released screenshots late Thursday and Friday morning within a public Telegram channel that purportedly revealed insider access to CrowdStrike systems. The screenshots, which TechCrunch has reviewed, display dashboards featuring links to company resources, including a user’s Okta dashboard utilized by staff for accessing internal applications.

Within the Telegram channel, the hackers asserted they compromised CrowdStrike via a recent breach at Gainsight, a customer relationship management company assisting Salesforce customers in tracking and managing their own customer data. The hackers stated they leveraged information obtained from Gainsight to infiltrate CrowdStrike.

However, CrowdStrike maintains the hackers’ claims are “false,” stating it terminated the insider’s access after the company “determined he shared pictures of his computer screen externally.”

“Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Benacci informed TechCrunch.

Several other tech companies were reportedly hacked as part of the same campaign. Gainsight has not responded to TechCrunch’s requests seeking comment.

Scattered Lapsus$ Hunters is a hacker collective composed of several hacking groups, most notably ShinyHunters, Scattered Spider, and Lapsus$. The group’s members employ social engineering techniques to deceive employees into granting them access to their systems or databases. 

In October, Scattered Lapsus$ Hunters alleged they stole over 1 billion records from corporate giants that depend on Salesforce to host their customer data. The hackers published a data leak site listing data extracted from companies, including insurance giant Allianz Life, the airline Qantas, car manufacturer Stellantis, credit bureau TransUnion, the employee management platform Workday, and various others.