CrowdStrike fires ‘suspicious insider’ who passed information to hackers

Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group. A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed insider access to CrowdStrike systems. The screenshots,which TechCrunch has seen, show dashboards containing links to company resources, including a user’s Okta dashboard used by employees for accessing internal apps. The hackers claimed in the Telegram channel to have compromised CrowdStrike through arecent breach at Gainsight, a customer relationship management company that helps Salesforce customers track and manage their own customers’ data. The hackers said they used information stolen from Gainsight to break into CrowdStrike. But CrowdStrike says the hackers’ claims are “false,” and says it terminated the insider’s access after the company “determined he shared pictures of his computer screen externally.” “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Benacci told TechCrunch. Several other tech companies were allegedly hacked as part of the same campaign. Gainsight did not respond to TechCrunch’s requests for comment. Scattered Lapsus$ Hunters is a collective of hackers made up of several hacking groups, notablyShinyHunters,Scattered Spider, andLapsus$. The group’s members usesocial engineering techniquesto trick employees into granting them access to their systems or databases. In October, Scattered Lapsus$ Hunters claimed to have stolenmore than 1 billion records from corporate giantswho rely on Salesforce to host their customer data. The hackers published a data leak site listing data stolen from companies, including insurance giantAllianz Life,the airlineQantas, carmakerStellantis, credit bureauTransUnion, the employee management platformWorkday, and others. Topics Security Editor Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter,this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, [email protected]. Senior Reporter, Cybersecurity Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram. StrictlyVC concludes its 2025 series with an exclusive event featuring insights from leading VCs and builders such as Pat Gelsinger, Mina Fahmi, and more. Plus, opportunities to forge meaningful connections. Anduril’s autonomous weapons stumble in tests and combat, WSJ reports This Thanksgiving’s real drama may be Michael Burry versus Nvidia The future will be explained to you in Palo Alto Why ‘hold forever’ investors are snapping up venture capital ‘zombies’ Altman describes OpenAI’s forthcoming AI device as more peaceful and calm than the iPhone OpenAI learned the hard way that Cameo trademarked the word ‘cameo’ US banks scramble to assess data theft after hackers breach financial tech firm