Cybersecurity giant CrowdStrike has fired a "suspicious insider" who allegedly fed company information to the notorious Scattered Lapsus$ Hunters hacking collective. The incident exposes how even top cybersecurity firms face insider threats, with the employee sharing internal screenshots before being terminated last month.
CrowdStrike just confirmed what cybersecurity experts have long warned about - sometimes the threat comes from inside the house. The company terminated a "suspicious insider" last month after discovering the employee was sharing sensitive internal information with hackers, marking a rare public admission of insider betrayal at a major security firm.
The breach came to light when Scattered Lapsus$ Hunters, a notorious hacking collective, published screenshots on their public Telegram channel showing what appeared to be insider access to CrowdStrike's internal systems. The images revealed employee dashboards, including Okta authentication portals used for accessing company applications - the kind of behind-the-scenes access that external hackers typically can't obtain.
"Our systems were never compromised and customers remained protected throughout," CrowdStrike spokesperson Kevin Benacci told TechCrunch. The company says it "determined he shared pictures of his computer screen externally" and immediately terminated access before turning the case over to law enforcement.
The timing couldn't be worse for CrowdStrike, which is still rebuilding trust after its global Windows outage earlier this year knocked out millions of computers worldwide. That incident, caused by a faulty software update, highlighted the company's massive reach across enterprise systems - making internal security lapses even more concerning for corporate customers.
Scattered Lapsus$ Hunters initially claimed they'd compromised CrowdStrike through the recent Gainsight breach, where hackers accessed customer relationship data. The group said they used stolen Gainsight information to break into CrowdStrike's systems. But the insider revelation suggests a more direct route - an employee willing to share access from the inside.
This collective represents a merger of some of cybersecurity's most persistent threats. Scattered Lapsus$ Hunters combines members from ShinyHunters, Scattered Spider, and the original Lapsus$ group - teams known for sophisticated social engineering attacks that trick employees into granting system access. Their recent campaigns have targeted over 1 billion records across customers.











