
CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters

Leading cybersecurity firm CrowdStrike recently confirmed it fired an employee for sharing confidential internal details with a major hacking group. This incident, which became public on Friday, shows that internal human risk can be just as dangerous as technical flaws.

The terminated employee, whom CrowdStrike described as a ‘suspicious insider,’ was caught giving information about the firm’s private systems to a notorious collective called Scattered Lapsus$ Hunters. The stolen information, which was later posted as screenshots on the collective’s public Telegram channel, included images of internal dashboards. These visuals contained links to company resources, most notably an Okta Single Sign-On (SSO) panel. Simply put, the SSO panel is the main login page employees use to access their work applications.

However, CrowdStrike representatives strongly denied any successful technical intrusion. They clarified that the screenshots were just the result of the insider taking pictures of their computer screen and sharing them externally, not a systemic network compromise. Further probing revealed that the group ShinyHunters had allegedly offered the employee $5,000 for network access.

It is worth noting that while the hackers may have obtained some login information, CrowdStrike maintains that its security operations center spotted the unusual activity quickly, before any harmful access could be established. This led to the insider’s termination last month.

To read the complete article, see: HackRead

This post is licensed under CC BY 4.0 by the author.