Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective.
The incident, which came to light last week, involved the leak of internal screenshots on a public Telegram channel operated by the threat group known as “Scattered Lapsus$ Hunters.”
The leaks surfaced when Scattered Lapsus$ Hunters, a self-proclaimed “supergroup” comprising members from Scattered Spider, LAPSUS$, and ShinyHunters, posted images purportedly showing access to CrowdStrike’s internal environment.
The screenshots, which TechCrunch reviewed, displayed internal dashboards, including an Okta Single Sign-On (SSO) panel used by employees to access corporate applications.
The hackers claimed these images were proof of a broader compromise achieved through a third-party breach at Gainsight, a customer success platform used by Salesforce clients.
However, the reality appears to be less about a technical breach and more about human vulnerability. Reports indicate that the threat actors allegedly offered the insider $25,000 to facilitate access to the network.
While the hackers claimed to have received authentication cookies, CrowdStrike maintains that its security operations center detected the activity before any malicious access could be fully established.
CrowdStrike swiftly addressed the claims, clarifying that the leaked images were the result of an employee sharing pictures of their screen rather than a systemic network intrusion.
CrowdStrike spokesperson said to Cybersecurity News, “We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally.
Our systems were never compromised, and customers remained protected throughout. We have turned the case over to the relevant law enforcement agencies.”
This incident is part of a larger, aggressive campaign by Scattered Lapsus$ Hunters, who have recently targeted major corporations by exploiting third-party vendors like Gainsight and Salesloft.
