CrowdStrike fires an insider accused of sharing internal screen images

Markets 2025-11-24 10:54

Texas-based American cybersecurity firm CrowdStrike has reportedly fired an employee accused of leaking internal information to a cybercrime collective that has recently claimed responsibility for corporate breaches involving Salesforce-connected systems. 

The security firm dismissed the “insider” after it found that they worked with the group known as Scattered Lapsus$ Hunters, who began publishing alleged internal screenshots late Thursday and Friday morning on its Telegram channel.

Scattered Lapsus$ released several images showing dashboards linked to company resources, including Okta panels used by employees to access internal applications. The hackers claimed the screenshots came from the compromised employee and were evidence that they had successfully infiltrated CrowdStrike after hacking Gainsight earlier this week.

CrowdStrike and Gainsight still investigating stolen information

According to CrowdStrike, the assertions from the hacking group and the images on Telegram only belonged to an employee who had shared unauthorized photos of his screen with external parties, and it insists there were no breaches on its systems. 

“Our systems were never compromised and customers remained protected throughout,”  spokesperson Kevin Benacci told news publication TechCrunch. He added that the company “turned the case over to relevant law enforcement agencies” after terminating the insider’s access.

CrowdStrike claimed it packed the desk of the worker as soon as it was confirmed he “shared pictures of his computer screen externally,” and the claims circulating in hacker channels were “false.”

Salesforce confirms breach of customer data

On Friday morning, Salesforce updated its incident page saying a breach was affecting some of its customers by causing “connection failures.” Unauthorized actors had accessed “certain customers’ Salesforce data,” though it did not identify which organizations were affected. 

Salesforce said the intrusion occurred through applications developed by customer support and analytics service provider Gainsight.

Later in the day, Google’s Threat Intelligence Group’s Austin Larsen, a principal threat analyst at its cybersecurity division, said the company “is aware of more than 200 potentially affected Salesforce instances.” 

Scattered Lapsus$ Hunters publicly claimed responsibility for accessing data through Gainsight’s integrations and used stolen information to target other corporate customers.

A spokesperson for ShinyHunters, one of the groups within the collective, boasted that “Gainsight was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us.” 

Gainsight has been issuing updates on its incident page since the attack became public. On Friday, the company said it had engaged Mandiant, Google’s incident response unit, to help investigate the breach. 

Salesforce also temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure, alongside notifying customers whose data was stolen, according to the firm’s public updates. 

“Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact OAuth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review,” noted one progress report published on Thursday.

Scattered Lapsus$ family is responsible for several high-profile breaches

Scattered Lapsus$ Hunters is a collaboration formed by several English-speaking cybercrime groups, including ShinyHunters, Scattered Spider, and Lapsus$. The collective became popular for using social engineering techniques to trick employees into revealing login details, granting remote access, or approving authentication prompts. 

In their list of “conquests,” the group has previously targeted MGM Resorts, Coinbase, DoorDash, Workday, Aflac Insurance, and other large companies. Back in October, Scattered Lapsus$ Hunters claimed to have stolen more than one billion records from enterprises using Salesforce to manage customer information. 

They published a leaked directory listing data from insurance provider Allianz Life, airline Qantas, carmaker Stellantis, TransUnion, employee management platform Workday, and more.

Over the last year and a half, the Scattered Lapsus$ family has also claimed responsibility for incidents on Atlassian, DocuSign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon. 

The hackers said on their Telegram channel that they plan to launch a new extortion website next week for the companies hit in their latest operation. 

“The next data leak site will contain the data of the Salesloft and GainSight campaigns,” the hackers shared their plans with DataBreaches.net.

Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program

Share to:

This content is for informational purposes only and does not constitute investment advice.

Recommended Reading
2025-11-24 10:54
CrowdStrike fires an insider accused of sharing internal screen images
2025-11-24 10:54
Cardano experienced a temporary chain split after a malformed transaction exposed a software flaw
2025-11-24 10:53
Risks To Crypto Market Ahead Of Key MSCI Ruling: Will It Spark A New Bitcoin Sell-Off?
2025-11-24 10:52
Citadel Securities fuels Kraken as crypto firms pull $253m this week
2025-11-24 10:52
USDC Floods Exchanges: Are Traders Buying The Bitcoin Crash?
2025-11-24 10:51
Solo miner lands rare Bitcoin bounty after solving block 924,569

Popular Articles

Curated Series

SuperEx Popular Science Articles Column

SuperEx Popular Science Articles Column

This collection features informative articles about SuperEx, aiming to simplify complex cryptocurrency concepts for a wider audience. It covers the basics of trading, blockchain technology, and the features of the SuperEx platform. Through easy-to-understand content, it helps users navigate the world of digital assets with confidence and clarity.
Unstaked related news and market dynamics research

Unstaked related news and market dynamics research

Unstaked (UNSD) is a blockchain platform integrating AI agents for automated community engagement and social media interactions. Its native token supports governance, staking, and ecosystem features. This special feature explores Unstaked’s market updates, token dynamics, and platform development.
XRP News and Research

XRP News and Research

This series focuses on XRP, covering the latest news, market dynamics, and in-depth research. Featured analysis includes price trends, regulatory developments, and ecosystem growth, providing a clear overview of XRP's position and potential in the cryptocurrency market.
How do beginners trade options?How does option trading work?

How do beginners trade options?How does option trading work?

This special feature introduces the fundamentals of options trading for beginners, explaining how options work, their main types, and the mechanics behind trading them. It also explores key strategies, potential risks, and practical tips, helping readers build a clear foundation to approach the options market with confidence.

What are the risks of investing in cryptocurrency?

What are the risks of investing in cryptocurrency?

This special feature covers the risks of investing in cryptocurrency, explaining common challenges such as market volatility, security vulnerabilities, regulatory uncertainties, and potential scams. It also provides analysis of risk management strategies and mitigation techniques, helping readers gain a clear understanding of how to navigate the crypto market safely.