CrowdStrike, a leading name in cybersecurity, has fired an employee after allegations surfaced that the individual shared internal company information with a notorious hacker collective. The decision came in response to claims made by the hacking group known as Scattered Lapsus$ Hunters, which published screenshots of purported internal CrowdStrike dashboards on its public Telegram channel. These images allegedly revealed links to sensitive company resources, including an Okta dashboard used to access internal applications.
According to the screenshots posted by Scattered Lapsus$ Hunters, the insider had privileged access to CrowdStrike’s systems. The hackers suggested that they breached CrowdStrike by leveraging data stolen from Gainsight, a customer relationship management (CRM) company. They claimed that information taken from Gainsight was used as a springboard to infiltrate CrowdStrike’s internal network.
Gainsight, for its part, has not publicly confirmed or detailed any direct involvement in the incident. The hacker collective’s public airing of this claim helped spark significant scrutiny from cybersecurity watchers and media alike.
CrowdStrike’s Response
CrowdStrike strongly denied that its systems were compromised. The company stated that there was no systemic security failure, and insisted that customer data remained protected throughout.
“Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” Kevin Benacci, a spokesperson for CrowdStrike
Additionally, CrowdStrike confirmed it has referred the matter to law enforcement agencies, elevating the case from a corporate discipline issue into a full legal incident.
The Hacker Collective: Scattered Lapsus$ Hunters
The group behind the leak, Scattered Lapsus$ Hunters, is not a single actor but a collective of several hacking organizations, including ShinyHunters, Scattered Spider, and Lapsus$.
These actors are known for using sophisticated social engineering tactics particularly voice phishing to manipulate insiders at target companies. According to public statements, they allegedly paid the CrowdStrike insider $25,000 in exchange for internal access. The insider reportedly provided SSO (single sign-on) authentication cookies.
The group also tried to purchase more sensitive CrowdStrike intelligence from the insider, such as internal reports on ShinyHunters and Scattered Spider, but reportedly didn’t succeed before the insider was terminated.
No Technical Breach But a Serious Warning
CrowdStrike clarified that it was never compromised. The matter involved an insider sharing screenshots, not any exploitation of vulnerabilities or system weaknesses.
This distinction matters. It suggests that CrowdStrike wasn’t compromised due to a vulnerability in its software or systems, but because of human behavior. The employee leaked data voluntarily, rather than through malicious exploitation of network flaws.
This isn’t the first time the Scattered Lapsus$ Hunters have made headlines for exploiting third-party vendors. The group claims to have leveraged a breach at Gainsight (which serves Salesforce clients) to gain access to other target companies. This echoes a larger trend in cybersecurity: attackers increasingly exploit supply-chain relationships to launch more damaging attacks.
By targeting smaller or weaker vendors first, hacker collectives can pivot into larger, more lucrative targets.
Going forward, CrowdStrike will likely tighten its internal monitoring and access controls. The company’s response immediate termination and a law-enforcement referral suggests it recognizes the severity of insider risk. For other organizations, this incident may serve as a wake-up call to reassess how they monitor privileged users and manage third-party integrations.
On the cybersecurity front, the episode reinforces the importance of zero-trust principles and rigorous vetting of internal users. Even trusted employees can pose major risks if incentives and motivations align with malicious actors.
For customers of CrowdStrike and other security vendors, the takeaway is subtle but critical: no defense is perfect when human factors are at play. As cybercriminals continue to evolve, companies must remain vigilant not just about outside threats, but internal ones too.



