Image Credits:Bryce Durbin / TechCrunch 10:55 AM PST · November 21, 2025 Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group. A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed insider access to CrowdStrike systems. The screenshots, which TechCrunch has seen, show dashboards containing links to company resources, including a user’s Okta dashboard used by employees for accessing internal apps. The hackers claimed in the Telegram channel to have compromised CrowdStrike through a recent breach at Gainsight, a customer relationship management company that helps Salesforce customers track and manage their own customers’ data. The hackers said they used information stolen from Gainsight to break into CrowdStrike. But CrowdStrike says the hackers’ claims are “false,” and says it terminated the insider’s access after the company “determined he shared pictures of his computer screen externally.” “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” CrowdStrike spokesperson Kevin Benacci told TechCrunch. Several other tech companies were allegedly hacked as part of the same campaign. Gainsight did not respond to TechCrunch’s requests for comment. Scattered Lapsus$ Hunters is a collective of hackers made up of several hacking groups, notably ShinyHunters, Scattered Spider, and Lapsus$. The group’s members use social engineering techniques to trick employees into granting them access to their systems or databases. In October, Scattered Lapsus$ Hunters claimed to have stolen more than 1 billion records from corporate giants who rely on Salesforce to host their customer data. The hackers published a data leak site listing data stolen from companies, including insurance giant Allianz Life, the airline Qantas, carmaker Stellantis, credit bureau TransUnion, the employee management platform Workday, and others. Techcrunch event San Francisco | October 13-15, 2026 Topics Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com. View Bio Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram. View Bio