CrowdStrike Fires Insider After Alleged Data Leak Linked to Cybercriminal Group

CrowdStrike, one of the world’s most prominent cybersecurity firms, has confirmed that it dismissed a former employee last month after discovering that he had allegedly shared internal information outside the organization. The action followed claims from a cybercriminal collective asserting they had gained access to CrowdStrike’s internal systems.

Late Thursday and Friday morning, a group identifying itself as Scattered Lapsus$ Hunters posted screenshots in a public Telegram channel that purported to show privileged access to internal CrowdStrike dashboards. TechCrunch reviewed the images, which included what appeared to be a user’s Okta dashboard, the identity management platform CrowdStrike employees use to log into internal tools and services.

The hacking group alleged that the access originated from a separate breach at Gainsight, a customer relationship management platform that works with companies like Salesforce. According to the hackers, data stolen from Gainsight enabled them to infiltrate CrowdStrike.

However, the cybersecurity company disputed those claims, stating that the incident did not involve an external hack. CrowdStrike said the individual in question only shared photos of his computer screen, and no systems or customer information were compromised.

“Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Benacci told TechCrunch.

The company also emphasized that the claims made by the hackers are “false” and that it acted quickly to terminate the insider’s access once the policy violation was detected.

The same cybercriminal collective has also taken responsibility for breaches involving multiple other technology companies. Gainsight has not issued any comment on the incident despite media inquiries.

Scattered Lapsus$ Hunters is a collaboration between several notorious hacker groups, including ShinyHunters, Scattered Spider, and Lapsus$. These groups are known for using aggressive social engineering methods to gain entry into corporate networks, often by tricking employees into handing over credentials.

Just last month, the group claimed to have exfiltrated more than a billion customer records from corporations using Salesforce infrastructure. A leak site launched by the group listed compromised data belonging to companies such as Allianz Life, Qantas, Stellantis, TransUnion, Workday, and others.

The incident underscores the growing threat of insider risks in cybersecurity — even for companies whose core mission is to prevent such breaches.
