
CrowdStrike said on November 21, 2025 that an insider shared screenshots of internal systems with hackers, after members of threat groups ShinyHunters, Scattered Spider, and Lapsus$ posted them on Telegram.
ShinyHunters said they had allegedly agreed to pay the insider $25,000 for access to CrowdStrike’s network. They further claim that they ultimately received SSO authentication cookies from the insider, but that by then CrowdStrike had already detected the suspected insider and shut down his network access.
The company stresses that no systems were breached and no customer data was exposed.
“We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally,” a CrowdStrike spokesperson told BleepingComputer. “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies.”