Insider Threat
The cybersecurity company got hacked by its own employee
CrowdStrike terminated an employee who shared screenshots with hackers for $25,000.
In November 2025, CrowdStrike terminated an employee who shared screenshots of internal systems and authentication material with hackers. The threat actors reportedly offered $25,000. The company that sells insider threat detection was hit by an insider threat.
What happened
Hackers published CrowdStrike's name on their leak site alongside Allianz Life, Qantas, Stellantis and TransUnion. The screenshots revealed internal dashboards, Okta authentication flows, and security architecture. CrowdStrike's SOC detected the activity before full access was established.
Insider threat numbers
- €17.4M — average annual cost per organisation
- 93% of security leaders say insider threats are as hard to detect as external attacks
- Only 23% express strong confidence in detection
What to do
- Least-privilege access. Ruthlessly.
- Monitor behavioural anomalies. Screenshot tools, unusual access patterns.
- Restrict screenshots on sensitive systems.
- Pay your people. €25K shouldn't buy betrayal.
- Design for a known architecture. Assume attackers can see how your systems are laid out. Defence in depth isn't secrecy.
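One way to act on the "monitor behavioural anomalies" item, as an added example that is not from the article or from CrowdStrike: correlate screenshot-tool launches with recent access to sensitive internal apps, per user. The event schema, app labels, process list, time window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values for illustration, not taken from the article.
SCREENSHOT_TOOLS = {"snippingtool.exe", "screencapture", "gnome-screenshot"}
SENSITIVE_APPS = {"internal-dashboard", "sso-admin"}   # hypothetical app labels
WINDOW = timedelta(minutes=5)    # capture must follow sensitive access this closely
THRESHOLD = 3                    # correlated captures before a user is flagged

# Constructed telemetry: (timestamp, user, event type, process or app name).
EVENTS = [
    ("2025-11-03T09:00:10", "alice", "app_access", "internal-dashboard"),
    ("2025-11-03T09:01:00", "alice", "process_start", "SnippingTool.exe"),
    ("2025-11-03T09:02:30", "alice", "process_start", "SnippingTool.exe"),
    ("2025-11-03T09:03:00", "alice", "app_access", "sso-admin"),
    ("2025-11-03T09:04:15", "alice", "process_start", "SnippingTool.exe"),
    ("2025-11-03T10:00:00", "bob", "app_access", "internal-dashboard"),
    ("2025-11-03T10:20:00", "bob", "process_start", "SnippingTool.exe"),
    ("2025-11-03T11:00:00", "carol", "app_access", "wiki"),
    ("2025-11-03T11:00:30", "carol", "process_start", "screencapture"),
    ("2025-11-03T12:00:00", "dave", "app_access", "sso-admin"),
    ("2025-11-03T12:01:00", "dave", "process_start", "screencapture"),
]


def correlate(events, window=WINDOW):
    """Map each user to screenshot launches made shortly after sensitive access."""
    last_access = {}             # user -> (time, app) of latest sensitive access
    hits = defaultdict(list)
    for ts, user, kind, name in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "app_access" and name in SENSITIVE_APPS:
            last_access[user] = (when, name)
        elif kind == "process_start" and name.lower() in SCREENSHOT_TOOLS:
            seen = last_access.get(user)
            if seen and when - seen[0] <= window:
                hits[user].append((ts, name, seen[1]))
    return dict(hits)


def flag_users(events, window=WINDOW, threshold=THRESHOLD):
    """Return only users whose correlated captures reach the threshold."""
    return {u: h for u, h in correlate(events, window).items() if len(h) >= threshold}


if __name__ == "__main__":
    for user, captures in flag_users(EVENTS).items():
        print(f"ALERT {user}: {len(captures)} captures near sensitive access")
        for ts, tool, app in captures:
            print(f"  {ts}  {tool}  after access to {app}")
```

A single capture is normal work, which is why the rule counts repeated captures inside the window instead of alerting on every launch.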
