CrowdStrike has recently confirmed that an insider shared internal system screenshots, drawing attention within the cybersecurity community. The company emphasized that, despite this breach of trust, there was no compromise of its systems and that customer data remained secure.
The screenshots appeared publicly on a Telegram channel shared by Scattered Lapsus$ Hunters. Leaked images reportedly showed internal dashboards, including an Okta Single Sign-On (SSO) panel used by employees to access CrowdStrike’s internal apps. Members of the ShinyHunters group reportedly agreed to pay the insider $25,000 in exchange for access to CrowdStrike’s internal systems. They claimed the insider ultimately provided them with authentication cookies linked to the company’s single sign-on system, although CrowdStrike had already detected the suspicious activity and cut off the access before those credentials could be abused.
In its public statement, CrowdStrike confirmed the termination of an employee last month, following an internal investigation that found the individual had shared computer screen images with individuals linked to a hacker group. The Scattered Lapsus$ Hunters group has been associated with several high-profile breaches, including Jaguar Land Rover (JLR), Google, and others. Recently, ShinyHunters have also been tied to major Salesforce data breaches, exploiting OAuth token theft from third-party apps and affecting hundreds of customers worldwide.
However, this incident shows that vigilance and rapid response can stop even determined adversaries. Although the insider compromised visual information, CrowdStrike’s prompt action kept critical systems and customer data secure, demonstrating that cybersecurity is a constant balancing act between risk and resilience. It is rare when both hackers and companies witness a leak, only to realize that a screenshot, unlike passwords, cannot unlock the doors it shows.
Caught feelings for cybersecurity? It’s okay, it happens. Follow us on LinkedIn and Instagram to keep the spark alive.
