Leading cybersecurity firm CrowdStrike recently confirmed it fired an employee for sharing confidential internal details with a major hacking group. This incident, which became public on Friday, shows that internal human risk can be just as dangerous as technical flaws.
Leaked Data Lands on Hacker Channel
The terminated employee, whom CrowdStrike described as a ‘suspicious insider,’ was caught giving information about the firm’s private systems to a notorious collective called Scattered Lapsus$ Hunters.
This group is widely known as a supergroup, comprising members from other prominent hacking entities like Scattered Spider, LAPSUS$, and ShinyHunters.
The stolen information, which was later posted as screenshots on the collective’s public Telegram channel, included images of internal dashboards. These visuals contained links to company resources, most notably an Okta Single Sign-On (SSO) panel. Simply put, the SSO panel is the main login page employees use to access their work applications.
Hacker Claims Versus CrowdStrike’s Swift Defence
The hackers initially claimed that they gained access to CrowdStrike’s network by exploiting a third-party vendor named Gainsight, a platform often used by Salesforce clients for customer management. They also claimed to have received authentication cookies, which are small pieces of data that let you stay logged into a website.
However, CrowdStrike representatives strongly denied any successful technical intrusion. They clarified that the screenshots were just the result of the insider taking pictures of their computer screen and sharing them externally, not a systemic network compromise. Further probing revealed that the group ShinyHunters had allegedly offered the employee $25,000 for network access.

It is worth noting that while the hackers may have obtained some login information, CrowdStrike maintains that its security operations centre spotted the unusual activity quickly, before any harmful access could be established. This led to the insider’s termination last month.
A company spokesperson emphasised the firm’s successful defence, stating, “Our systems were never compromised and customers remained protected throughout.”
This entire episode is linked to a wider, aggressive effort by the Scattered Lapsus$ Hunters group, which has recently been attacking big companies by taking advantage of their contracts with outside vendors like Salesloft and Gainsight. CrowdStrike has since handed over the case to the relevant law enforcement agencies.
