Key Takeaways
Cybersecurity company CrowdStrike confirmed it fired an employee last month for acting as a "suspicious insider" who allegedly passed information to a hacking group. The incident came to light after the Scattered Lapsus$ Hunters (SLH) collective began publishing screenshots on a public Telegram channel.
The images appeared to show internal company resources, including an employee's Okta dashboard. CrowdStrike was quick to clarify the nature of the event, distinguishing it from an external breach.
According to the company, its investigation determined that the employee "shared pictures of his computer screen externally." The firm emphasized that its own systems were not compromised and that customer protections remained intact.
“Our systems were never compromised, and customers remained protected throughout,” a CrowdStrike spokesperson told TechCrunch.
The SLH collective claimed its access to CrowdStrike stemmed from the recent data breach at Gainsight, a third-party customer relationship management (CRM) vendor. “Gainsight was a customer of Salesloft Drift; they were affected and therefore compromised entirely by us,” a ShinyHunters spokesperson said.
However, CrowdStrike has rejected the hacker group's claims, calling them "false."
The case has been turned over to law enforcement. It reinforces the need for robust internal monitoring, access controls, and employee vetting to mitigate insider risk.
A recent Salesforce data theft via the third-party vendor Gainsight was linked to the ShinyHunters group, which alleges the victim list comprises “almost 1,000” organizations, including LinkedIn, DocuSign, Malwarebytes, Verizon, GitLab, Atlassian, Thomson Reuters, SonicWall, and F5.
Last week, Logitech confirmed a data breach impacting employees, consumers, and suppliers, after the CL0P ransomware group claimed the attack.