‘ On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”’
Kitboga is a well-known streamer whose entire schtick is wasting scammers' time. He uses a voice changer and has a very thorough setup of fake websites including Google, the Google Play store, a bank, and more, as well as fake screen sharing tricks that show him exactly what a scammer is trying to do when they use a remote-access tool to access his system. When they use their RAT to black out his screen so they can hide DOM manipulation in the browser or something, he can actually watch them do it.
In the video above, at about 53:00 in, Kitboga "redeems" the fake Google Play Store card that he "bought" rather than letting the scammer copy the numbers.
One thing he's shown many times is how persistent scammers can be. One time he hit the password reset on his fake bank and made the scammer help him solve a password game. https://youtu.be/wkLPk2tmyNI
Am I correct in interpreting that they canceled a multi-use code after it was shared publicly? I think that would be quite reasonable and an insignificant offense compared to pushing code that breaks your clients' computers or offering $10 of compensation for having done so.
This is definitely worse than no gift card. Insulting. A general maxim: When something is a big deal, your response should make a bigger deal out of it than the complaints. $10 says "We don't think this matters." Now watch as everyone explains precisely why it does. PR 101 fail.
More like..."We recognize that we have a moral, ethical, and likely legal obligation to make things right and pay back the damage we have caused...but we're not going to."
“We are sorry. We really messed up with this deployment. In fact, we’ve questioned whether we should be alive, or whether we should have even been born at all. Heck, maybe none of this should exist.”
The only way I can imagine one-upping the detractors at this point.
Heh, at my last job my store was breaking all sorts of profit records and generally put every other store in the district to shame. I don't need to tell you that we worked hard for that.
Corporate sent us a $25 gift card. Not for each of us, one $25 gift card for a team of 8 people. We had made well over three million in sales that year. Felt like a slap in the face for a job well done.
This reminds me of something that happened at a former employer. After I had been employed there for a couple of years, someone in HR or Legal noticed that the programmers had never signed any "our code belongs to the company" agreement. So they asked us to sign a paper to that effect, and gave us each a check for $20. My thought was that I always assumed the company owned this code, but if they were going to pay for it, then $20 was waaaay too little. Anyway I took the $20, signed the paper, and got back to work. But it always gave me a chuckle.
Any contract requires consideration. Without it, it's not a valid contract. It doesn't require fair consideration, so a clause giving e.g. $1 is typical for many contracts. They were nice and bumped it up to $20.
I suspect your work DID belong to the company already, under work-for-hire doctrine, but an explicit contract avoids that ambiguity. Ambiguity can be bad and super-expensive, whether during litigation or even something like an audit. If someone is buying a company, investing, making a major loan, that's the kind thing which comes up in due diligence and can be annoying.
So I don't think they were paying you for the code, so much as trying to come into compliance. Very likely, this was triggered by some similar audit for some deal they were trying to make.
Interesting. I worked for a company that got bought by another company. Pretty much everyone was a salaried employee with a standard employment contract. There was no formal rehire process, but at some point the new company did the same thing as OP's company, saying that anything we produce at work or with work resources belongs to the company. But with an added "no moonlighting" clause.
We did not get any consideration, cash, or gift cards. Instead we were told that if we didn't sign the new company's mandatory agreements, our employment status could be up for review.
That's exactly it. The $20 is not an assessed value of the code; it's to establish consideration. $1 would have been legal. It's legal to make asymmetric contracts that benefit one party more than the other, just not contracts that are completely one-sided. They probably did $20 just so it wouldn't seem quite as insulting.
Anytime you see stories of "[insert name of rich CEO or politician] takes salary of only $1", that's why. They can't work literally for free, or the rest of the contract becomes nonbinding.
Watch out for "work-for-hire doctrine" erm... assumptions.
Last time I looked work-for-hire law only takes effect if there is explicit mention of the term "work-for-hire" in the contract, otherwise it's not "work-for-hire". And I have never seen a contract actually mention "work-for-hire".
Do current employment contracts state "work-for-hire"?
Ohhh, I was wrong. Seems there are two categories where work made for hire applies. One is specifically for work made by an employee (with some constraints / definitions on that) for work made within their scope of employment. The other category requires explicit mention of "work for hire".
So that a conventional employee is covered, but a contractor / consultant with a separate business probably isn't.
Consideration is generally money (but more generally and dangerously something actually received in exchange for giving away something else in the contract.) It can't be a binding contract if there is no exchange such as merely signing away the code.
If you are assigning me some rights or an entire piece of IP, I must provide you with some consideration (monetary compensation) for that to be a valid contract. You cannot simply “gift” it to me.
So I would, as part of the contract, hand over $1 or $20 to establish that I have skin in the game and have paid for this contract be valid. The consideration could be stock and other things, but it can’t be null.
At arm's length mean, it must be an adequate amount. For example, I can sell a 10 Million dollar home in most jurisdictions to you for 1 USD. While this contract may be valid, it may create tax liabilities because the tax authorities will say this was not a sale, this was a gift.
As a counter example: In many jurisdictions, a work contract that specifically request lots of overtime or forbids working for a competitor in the future would require a significant extra payment and not 1 USD. 1 USD would not be considered at arm's length.
Sure, agreed. That is not the case that is being referred to here, where someone was assigning over IP that they had built while employed by the company but without an explicit agreement about who owns that IP. In this case, $1 or $20 would have been completely fine, as it was consideration for past IP. The work had already been paid for (salary, benefits, etc).
* Contract law does not require arm's length. A contract for $1 is okay.
* Tax law may require arms length.
* I've never heard of arm's length in employment law, but there are laws which lead to what you describe (e.g. mandatory overtime pay, minimum wage, etc.). In some jurisdictions, there are limitations on how much an employer can change the terms of employment. If you hire me for $100k, and after I quit my old job a week into the new one, you give a pay cut to $80k and otherwise change the terms of the deal, that might not be okay.
The comment was US-specific. Similar doctrines are found though in Canadian, British, and continental European (though not so much in Scandinavian systems which often do allow totally one-sided contracts in the idea that promises are binding but with other limiting factors).
The idea in systems which have this rule is that contracts are exchanges of promises and there must be an exchange in order to be valid.
This is also why companies will reward employees filing a patent application with a silver dollar. It's a nice token of appreciation but also fulfills the contract aspect of assigning rights.
Salary in this case would serve as the consideration for the work they perform, but lawyers love making things as explicit as possible (understandably).
They already paid you for the code, so it's already theirs, they are just making it explicitly stated. If you don't sign it, they end your employment. And the odds of them willing to lose employment over this and trying to claim the company's code as their own and that getting to court is near non-existent. But again as I said, lawyers like to make it explicit.
I agree with all of this, just my objections was to claiming the consideration being "the salary you already agreed to in order to sign your employee agreement" would not work therefore the token $20 amount.
You think the $20 was consideration, and yet you think they were not paying for the code? Aren't these the same thing?
> Ambiguity can be bad and super-expensive
If the corporation had some ambiguity in their favor, I expect they would call it "value" and ask for as much as they could get to remove it. But if the ambiguity is in favor of an employee or client, let's remove it for a token $20. Ugly society this one is.
$20 consideration for reducing legal ambiguity around code they already own. Even if it's almost guaranteed to roll in favor of the employer, simply having to litigate it is enormously expensive. Such litigation would be detrimental to everyone but the lawyers, but that won't stop people from thinking they have a case.
I'm with you, companies will always look out for their own interests, but when clarification minimizes logistical waste, it's possible to benefit everyone.
The ambiguity is not in the favor of anyone except lawyers. As an employee, you can:
1) Spend $100k in litigation to discover your boss owns the code
2) Get $20
Fights don't benefit anyone. Some companies would act like dicks and "ask for as much as they could get to remove it," but in most cases, that's not what happens either. A company like that would never get repeat business. Coincidentally, some employees do the same, with similar consequences. And there are employers everyone knows not to work for.
Resolving this sort of thing for a buck -- in the way a court would rule -- is really standard common-sense practice.
My friends and I contracted to a company in 2004 to build a text message system. The company decided they didn't want to pay us the last month's bill. They'd spent all their money buying a custom Harley as a prize for the customers and now had nothing left.
We met with their CEO+CFO+lawyers and our lawyers. They were adamant they wouldn't pay the last payment. We pulled out our contract and showed they didn't own any of their code because there was no IP transfer in there. They said "We need a minute." We left the room, came back in and there was a check for the outstanding balance in the middle of the table.
This is because it's a contract oddity - if they told you to sign it but offered nothing; you could challenge it in court, and the courts have often said a "one-sided contract" is not valid (e.g., you give me copyright I give you nothing).
The $20 is "due consideration" - just like how some deals involve selling an item for a dollar.
I wonder when we'll start to have some estimate of indirect/direct death toll. This took down several 911 type services and hospitals, some reported imaging down, some being back to paper and pen at ER.
At least their domain is descriptive, that article is much to do about nothing -- civil cases aren't criminal cases with a boolean outcome. The award isn't recognition that the life was worth $4, it is a recognition that the defendant did just about nothing wrong.
50 years from now, unclassified documents reveal that crowdstrike was secretly a CIA controlled business which was operating an offensive botnet created for the anticipated cyberwar, with a peacetime cover story of being security software with automatic updates. Everybody rolls their eyes and asks how anybody ever fell for that when the name openly says what it is.
Probably bullshit, but honestly... Wtf is up with the name?
It's a dumb name and I've already wasted a considerable amount of time looking for an explanation but to no avail. Sounds like something a group of seven year old boys would come up with because it sounded cool.
Why do you think this is BS? It perfectly explains the name and also why something like this is installed so ubiquitously and still installed despite such a massive screw up. Also offensive capabilities need wide deployment just as much as defensive. Cybersecurity and cyberwar is a real thing, and surely DDOS botnets are a core part of that.
Maybe it's controlled by the CIA, or maybe just has a quiet contract with USCYBERCOM and/or ARCCYBER.
I mean, people don't seem that concerned about all of the nuclear missiles and submarines, aircraft carriers, and US military bases everywhere. Computers and the internet are now part of that and have been for quite awhile. If you are invested in this system then you probably want that dominance to continue (otherwise you should probably start learning Chinese). In which case we probably need something like a "crowd strike" widely deployed on the monopoly OS so that we have offensive capabilities.
If you don't like that idea then why use Windows at all? Use Linux at least.
I don't think this is really conspiracy theory territory unless you are in denial that cyberwarfare exists or that the US must participate in it.
I've begun referring to them as ClownStrike, given that so far they have seemed to act more like a bunch of circus clowns than an actual knowledgeable entity.
This tone deaf offer just reinforces the impression that they are just a bunch of clowns.
Not quite enough? The last time I had a "discount" for Uber Eats, it was a $15 meal with so many fees on it that AFTER the $30 discount, I still needed to pay $35. Cancelled.
Yes, Uber Eats is so expensive it feels like they could give away $10 vouchers and still make a handsome profit. I wonder how much CrowdStrike paid for these vouchers? Surely nothing like $10 each.
Maybe someone in Uber's marketing department was very clever and saw this opportunity. "He Crowdstrike, we see that you are having a bad week. How about we help you out with free gift cards for your customers. That will help fix up the relationships". Or maybe they even paid Crowdstrike.
£7.75 GBP, ill admit i haven't used Uber eats in years because the prices are insane but im not sure that covers much more than the delivery fee.
(Also, people who want McDonalds 20 minutes after it was remotely edible and shaken to shit on the back of a moped, who are you? I see the bikes everywhere but have never met one of you irl)
A girl I went to school with in the American South is now a reporter in the Midwest. She was supposed to go home for a brief visit to see her family, but Delta canceled her flight due to the CrowdStrike outage. A few days later her father was murdered by a disgruntled customer while working at his jewelry store in their hometown.
What an awful coincidence. I can’t even imagine how it must feel to have a freak technical accident deprive you of seeing your father for the last time.
This would happen with literally anything. Bus is late and you miss the flight. Weather is bad, flight gets delayed. You eat out and get food poisoning, can't get the flight.
Anything could have caused that really. Still very unfortunate but c'est la vie sometimes.
I agree. My desired tone for my comment was less “CrowdStrike is evil” and more “the universe, through its indifference to you, can be very cruel and absurd”
It could have happened with anything, but instead, it happened because a company run by a guy with a multi-billion-dollar net worth couldn't be bothered to check if the software they were shipping actually worked.
Exactly. A preventable action by a company resulted in this. It wasn't a tornado, a hurricane, an asteroid, or aliens from another planet. Crowdstrike played stupid games and now they're going to win a lot of stupid prizes. They're responsible for the harm they inflicted on the world - the amount of handwringing apologia on their behalf is staggering. Companies and the people who run them absolutely need to be held accountable concomitant with the level of harm they inflict.
Think about this: Someone came up with that idea. A group of people probably approved it. Someone else had to purchase those cards or set up the job to send them to customers.
At no point did anyone think "this doesn't seem like the right response, I should warn someone further up the chain". Probably due to the idea coming from further up the chain.
And those ubereats/doordash/grubhub cards are worthless because $10 won't get you a thing, you'll need to spend another $30. Which is why corporate always buys those because I am guessing they're much less than $10 to buy.
I think the closest level of Brand disaster in our times would be the Deepwater Horizon oil spill.
In that case, BP basically threw away their consumer brand in the US - they turned every single BP station into an Arco station (their subsidiary, "lower quality" brand at the time). Then they sold off or spun down a huge portion of their businesses to set aside money for legal fees.
I don't know if Crowdstrike really has any other options at this point. The amount of legal liability the company is going to be under will be staggering and the brand reputation is worse than worthless.
> The amount of legal liability the company is going to be under will be staggering and the brand reputation is worse than worthless.
Citation for legal liability Crowdstrike has?
Re reputation - I've read this about all sorts of annoyances that had real economic impact, i doubt this will make crowdstrike worthless any more than:
* MS became worthless after Code Red or Slammer or any of the other late 90s/early 2000s breaches.
* Apple became worthless after the iPhone that requried you to hold it a certain way while talking
* Toyota became wortheless after the unintended acceleration issues
* Facebook became worthless after screwing up the internet for a day.
* Amazon become worthless after US-EAST went down screwing everyone over for an afternoon (pick a time).
* Norfolk Southern became worthless after the east palastine derailment.
* A thousand others....
This issue wasn't as impacting as many of those - some computers were down for a few hours and it made a mess. It takes a lot more than that to destroy a company or their brand reputation. Look how many people choose comcast- even in areas where there is good competition with fiber from a local reputable ISP.
Crowdstrike (unless it is a front of some sort) has absolutely not resilience as these other businesses, expecially after such blunder for a "security" company
But no one was hacked? Some computers were down for a little bit, but no breach occurred, no data was trashed or leaked, no unauthorized access was gained. This wasn't a security event. In fact, for huge numbers of systems going offline is a far better alternative than say, failing open.
Look at other security related companies of similar age and entrenchedness...
Okta was breached twice by bad auth on their ticketing system. They are an auth company. This led to other hacks. They still are doing OK, with growing revenue.
Solarwinds was breached and became the attack vector for several major hacks. They are still doing OK - in fact revenue has grown since then. (although solarwinds is much older).
Cloudflare has caused major outages - their revenue has grown too.
And on and on.
Crowdstrike has had a rough 2024. They are also still the company that was called in to consult on breach after breach for the last decade+. If they get their shit together, next month at defcon Crowdstrike people will likely be drinking for free (and being the butt of some jokes). By next year few people will even remember this, and very very few will be uspet/angry about it. A huge number of affected IT people are already looking at it as "haha those guys messed up" and not even thinking about "how do we get off crowdstrike". No software is perfect, and very little of it is even any-good - people are willing to give those who make generally decent software (and have an otherwise good reputation) a lot of slack.
I could be wrong, but I really doubt this kills the company or the brand rep.
Maybe it depends on where you live/how strong their brand presence was. But they completely pulled out of the West Coast at least. I watched them tear down BP signs and put up Arco signs a month after the spill.
I thought this was a typo. In the Chicago area, all the Amoco stations were rebranded BP before the Deepwater Horizon disaster. They remained BP afterwards to the best of my recollection.
ARCO is apparently a gas station brand owned by Marathon but also resells BP in a few west coast states.
Amoco, ARCO… naming things is hard I guess even outside computer science.
Many years ago I worked at a financial company that offered various investment opportunities to customers.
Which was based on cold calling people who in general did not need them
and telling them they did.
(I was young and innocent at the time, and I didn't figure this out right away)
(I had not even seen boilerroom)
I worked in IT.
We created a fantastic tool (it really was) that managed the entire process.
You could put someone in front of a screen, given them a phone and the software
would guide them.
1. Name, address, number to call.
2. Script for selling, whith branches depending on how the conversations was going.
Obviously we could only cover small subsets of possible paths.
(but it was reasonably good, since the conversations tended to be much the same)
Let us say the conversation went well.
In order to make the sale, a number of government and financial forms had to be
filled out,
3. Highly guided and simplified data entry that would at the end of the process
cause all forms and documents to be issued.
4. As part of the process prompts for specific things the customer had to be told
to be in compliance
5. Documents go out by Fedex.
(then some boring stuff)
The concept was that you could take someone off the street, who had no training or
understanding of the product or financial matters etc etc, put a phone in front of
then start the software and bang.
The reason I have bored you dear reader with all of that is coming up.
At Christmas bonuses were paid out.
People in sales got some huge $$$$$ cash bonuses and there were some expensive
gifts in there as well. Including a horse,.
Makes sense.
The IT department...
We got coupons for 50% off at Heavenly Ham. (or something like that).
Curious who gets one. Like, a big company (airline, bank, etc) that had to hand touch 10,000+ devices across the world.
Crowdstrike is sending what? Like 15 $10 cards to the little area in IT that handles desktops/kiosks/atms/etc? Or the to the Cyber area that bought it, but mostly wasn't saddled with fixing the issue?
People are just piling on here and I suspect there is a misunderstanding because this makes zero sense. The article is based on 4 tweets, 3 of which no longer exist. It’s a poorly researched and poorly written article based on largely non-credible sources.
Specifically, “partners” were getting gift cards and there is no mention of customers. It sounds more like they were throwing around gift cards to channel partners, MSP’s, contractors, etc. It’s still tone deaf but a far cry from a $10 apology to customers.
I suppose you are downvoted because your last statement is not necessarily true. But you are right that the post is vague about how many people exactly received a gift card, since it only says that "partners" received a gift card. The thought that CrowdStrike sent one $10 gift card per partner company is hilarious. They botched the update and apparently they botched this narrative too.
Well, I'm not a CrowdStrike customer, so I'm not entitled to any gift cards anyway, and I'll refrain from asking snarky questions like "is that per organization, per affected PC, or per minute of wasted support time?"
Instead, let me offer the following, alternative snark: "If I were to share with you the secret of renaming your C-*.sys files to C-*.tmp prior to trying to ingest them, so that if you crash while doing so, you will not repeat that mistake right after rebooting, how many US$10 gift cards is that worth? Keeping in mind, of course, that is, like, 2 hours of parking where I live?"
As if a $10 gift card is anywhere near compensating enough for people impacted by their incompetence. Some people were impacted by delayed flights. Some people were impacted by degraded medical care.
Distributing $10 gift cards is so obviously wrong I can't even comprehend how it was approved.
I wonder how much money in total they represent, and if CrowdStrike would have come out better saying "We've immediately allocated $X amount of funds to making sure this issue won't happen again" instead of dividing in x * $10 uber eats insults.
People in crisis mode do stupid things. This is why the first thing you should do in a crisis is wait a few seconds. Then calm down and think things through. Evidently they never got this memo.
There was a musician in my town who passed a hat after each show, and he said, "put in whatever you wouldn't be embarrassed to accept if someone gave it to you."
I can see someone thinking $10 was a nice idea, but letting the impact settle a bit before narrative reingagement would have seemed wiser. Interesting to think about what to do instead though. Thought of discounts on renewals or account credits, but anything that seems like bargaining is going to get flak. In terms of who was really affected by the outages, maybe demonstrate recognition by donating to a PTSD or family support charity. wonder what thinking of each customer is a person in a family would do to tech product decisions in general.
Well I find the gesture really nice. 10 USD per node that went into a boot loop, this will be a very, very good dinner for the team who worked on the recovery, for years to come. Not sure why everyone is complaining.
This gives me early career PTSD. I once reduced monthly operating cost by six figures and the company responded by buying the office a pizza from Sam's Club as a reward.
My girlfriend has taken a few management courses for her Master's degree, and they unironically used "Pizza Party" as a suggested way to improve employee morale.
The Management class is so far removed from reality they can't even see when they accidentally write their own satire.
People are giving them grief, but you have to realize that the cost of $10 gift cards for all billion or more affected people on the planet, would quickly add up.
It seems to me that this is what happens when you have nobody in leadership who can do crisis management.
First thing you do in a crisis? Take a few breaths and calm down. Take the pressure off of yourself. Agree to a timeline and start gathering ideas. Brainstorm. Engage in risk assessment. Then decide, act, and re-evaluate.
How many people they indirectly killed, I saw somewhere number around 1000? Based on amount they are/were going to splash for it, one can calculate cost of human life to them (not even going into other damages). That company ain't even funny anymore.
What fraction of the reporting is "CrowdStrike" versus "CloudStrike"? The first reporting I heard was "CloudStrike", but the company appears to be "CrowdStrike".
It'll be interesting if Cloud vs Crowd emerges as a Mandela Effect.
Other examples include memories of the respective title component of the Berenstain Bears children's books being spelled "Berenstein", the logo of clothing brand Fruit of the Loom featuring a cornucopia, Darth Vader telling Luke Skywalker, "Luke, I am your father" in the climax of The Empire Strikes Back (he actually says, "No, I am your father" in response to Skywalker's assertion that Vader killed his father), Mr. Monopoly wearing a monocle, and the existence of a 1990s movie titled Shazaam starring comedian Sinbad as a genie.
Lol I wouldn't know this because I don't have any meal delivery app services near me but I suspect that $10 barely covers the taxes/fees/tip for a meal via Uber Eats
This is the greatest. Who authorized this redemption strategy? Please walk them to the door. If it was the CEO - I'm sure they are already figuring out their exit.
No big deal. Crowdstrike is a poor company. Not much value to leverage. New company takes over and inserts their superior product. And bring value to their company.
If I'm ever part of a company that causes an outage like this I will resign immediately and offer to help as a consultant for an immediate 5-figure cash retainer. I can't imagine how many devs at CS likely went into full overdrive and aren't getting paid for it.
reminds me of time an AI startup offered me a $50 gift card to do something for them. a $50k contract would have been more appropriate. I told them to take a hike (diplomatically worded.)
Yes, but the fact that it is blocked makes it perfectly appropriate to the situation. You don't expect Moe Howard to kiss you after sticking his fingers in your eyes, you expect him to box your ears.
╰( ^o^)╮ CrowdStrike forwarded me a VERY SLICK refer a friend code that got me a $5 cash bonus no questions asked and them a little something something too for registering a new Cash App account today! $$$ ╰( ^o^)╮
So cool much appreciated CS ~~ good lookin out ! I even beat my coworker to the code he was so mad lol
Now $10 on Uber Eats? Hope I can redeem that code before one of you losers does… Last one there is a rotten egg!
So randooom heheh aww we like to have fun . My boss is so mad that we had no production for 20 hours, but stuff happens what can you do D;
