Cybersecurity firm CrowdStrike has confirmed it fired a suspicious insider last month. This employee is accused of sharing company information with a well-known hacking group.
A hacking collective called Scattered Lapsus$ Hunters published screenshots in a public Telegram channel. These images allegedly showed they had insider access to CrowdStrike systems. The screenshots displayed dashboards with links to company resources, including an employee’s Okta dashboard used for accessing internal applications.
The hackers claimed they compromised CrowdStrike by using information from a recent breach at Gainsight. Gainsight is a customer relationship management company that assists Salesforce customers. The hackers stated they used data stolen from Gainsight to break into CrowdStrike.
However, CrowdStrike says the hackers’ claims are false. The company stated it terminated the insider’s access after determining he had shared pictures of his computer screen externally. A CrowdStrike spokesperson said their systems were never compromised and customers remained protected throughout the incident. The company has turned the case over to relevant law enforcement agencies.
Several other technology companies were allegedly hacked as part of the same campaign. Gainsight did not respond to requests for comment.
Scattered Lapsus$ Hunters is a collective of hackers made up of several groups, including ShinyHunters, Scattered Spider, and Lapsus$. The group’s members use social engineering techniques to trick employees into granting them access to systems or databases.
In October, Scattered Lapsus$ Hunters claimed to have stolen more than one billion records from corporate giants that rely on Salesforce to host their customer data. The hackers published a data leak site listing information stolen from companies including insurance giant Allianz Life, the airline Qantas, carmaker Stellantis, credit bureau TransUnion, and the employee management platform Workday, among others.