Cybersecurity giant CrowdStrike announced Wednesday evening that some of its private information on hacker groups had been leaked online. The hacker responsible, whose identity is unknown but who goes by USDoD, has also threatened to release even more sensitive data.
CrowdStrike, a leading U.S. cybersecurity firm, is known for hunting and monitoring hacker groups to protect clients' computer systems.
The leaked data mirrors information that CrowdStrike has previously released publicly. It includes details on 244 hacker groups, specifying the month and year they were last seen, their activity status (retired, active, or inactive), country of origin, number of targeted industries and countries, and whether they are hacktivists, cybercriminals, or government operatives. The hacker also claimed to have stolen a list of “Indicators of Compromise,” which contains digital evidence used by cybersecurity experts to trace hacker activities. Although hackers often exaggerate or fabricate such claims, it is rare for a major cybersecurity company to acknowledge a threat without refuting it.
The hacker or group posted the internal database on BreachForums, a prominent English-language hacker forum. CrowdStrike mentioned in a blog post that the list was already accessible to “tens of thousands of customers, partners, and prospects — and hundreds of thousands of users.”
This incident follows a significant mishap by CrowdStrike, where an automatic software update containing a coding error caused an estimated 8.5 million Windows computers to crash. This error led to widespread disruptions, affecting everything from Paris Olympics ticketing to hospitals and airlines, particularly Delta flights. CrowdStrike stated that the leak was unrelated to the software glitch, adding, “Adversaries exploit current events for attention and gain.”
The leaked database, current as of June, was updated in July, indicating that the data theft occurred last month.














