[Update]: CrowdStrike later reached out to comment on the development, revealing that the gift cards in question were not being sent to its customers or clients. The spokesperson for the firm added that the gift cards had instead been sent to its teammates and partners – “who have been helping customers through this situation” – as a token apology.
“CrowdStrike did send these to our teammates and partners who have been helping customers through this situation. Uber flagged it as fraud because of high usage rates,” the spokesperson for CrowdStrike revealed.
[Original article]: A seemingly innocuous software update from cybersecurity firm CrowdStrike plunged a significant portion of the globe into digital chaos last week. The incident, which left millions of Windows devices locked in an endless “blue screen of death” loop, caused widespread disruptions to Windows systems and critical infrastructure, from airlines and hospitals to banks and financial markets.
Now, CrowdStrike has offered its affected customers a $10 Uber Eats gift card as a gesture of apology. “And for that, we send our heartfelt thanks and apologies for the inconvenience,” read an email from CrowdStrike, which was later posted on X by a customer. “To express our gratitude, your next cup of coffee or late night snack is on us!” However, even this seemingly simple act of contrition was marred by operational issues.
Many recipients reported difficulties redeeming the vouchers, with some finding them entirely invalid – trying to use the vouchers showed a screen telling them that the offer had been rescinded by the issuing party. CrowdStrike has yet to comment on this matter, and for now, it is unknown exactly how many clients received the voucher offer.
As for the outage itself, at the heart of the crisis was a faulty update to CrowdStrike’s Falcon sensor, which is designed to combat emerging cyber threats. The fallout was swift and severe. Airports in major cities experienced delays, hospitals were forced to postpone surgeries, and countless businesses were brought to a standstill. According to Microsoft, nearly 8.5 million devices were likely affected during the recent outage.
A subsequent investigation by CrowdStrike revealed a critical flaw in the update process. The company admitted to failing to identify a “problematic content data” issue within the software, which ultimately led to the catastrophic failure. “Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,” CrowdStrike commented on the matter.
To prevent this from happening again, CrowdStrike plans to improve its Rapid Response Content testing by using local developer testing, content update and rollback testing, alongside stress testing, fuzzing, and fault injection. Still, cybersecurity experts have been particularly critical of CrowdStrike’s decision to deploy the update to all customers simultaneously, rather than conducting phased testing. This approach, they argue, significantly increased the risk of widespread disruption. And now, the company’s subsequent attempt to mollify customers with a $10 Uber Eats gift card can be seen as inadequate, further exacerbating the crisis even as the company has been scrambling to salvage the situation.