Overview
- The Scattered Lapsus$ Hunters group posted images on Telegram showing internal dashboards, including an employee Okta view.
- CrowdStrike says an internal investigation last month identified the worker who shared screen photos and led to immediate termination.
- The company reports its systems were never compromised and that customers were not impacted, referring the matter to authorities.
- ShinyHunters claims it arranged a $25,000 payment for access and received SSO authentication cookies, a claim not independently verified.
- Attackers allege a link to a Gainsight compromise, which CrowdStrike disputes as false.