CrowdStrike gets hit with some more bad news

By Judy Sanhz Published July 25, 2024

CrowdStrike‘s situation doesn’t seem to be getting any better. Although most of the affected systems are back online, in a post today, the cybersecurity company mentions that a hacktivist entity has apparently posted some of its private information on the hackers it tracks online on BreachForums (the leading English-language hacker forum). The threat doesn’t end there, with the hacker responsible also threatening to release even more sensitive details.

The information posted includes facts like CrowdStrike’s list of 244 notable hacker groups. The sample data includes:

The hacker allegedly responsible (USDoD) also asserts to have swiped a list of “Indicators of Compromise” that contain information that cybersecurity experts use to determine a hacker’s methods in an attack. CrowdStrike also mentions in the post that the “Last Active” posts contain dates no later than June despite the Falcon portal’s last active date being as late as July 2024, indicating that the information may have been accessed last month.

CrowdStrike also says in its blog post that “USDoD also claimed in their post to have “two big dbs from an oil company and a pharmacy industry (not from USA).” It was unclear whether the post was linking the claims to have breached an oil company and pharmaceutical industry company with their alleged acquisition of CrowdStrike data.

CrowdStrike has been the center of attention lately for being responsible for the world’s most significant operating system outage, which was the result of a defect found in a Falcon content update. This outage left various industries, including the health, judicial, retail, and financial sectors, at a standstill, with airlines being hit the hardest.

The only airline not affected was Southwest due to using a very old version of Windows. However, the airline that struggled the most to get back on its feet is Delta Airlines, with repeated cancellations that have triggered a federal investigation.

Update: The original version of this article labeled the information posted as a “breach.” A CrowdStrike representative has since reached out to specify the following: