Skip to content
Google, one of the world’s most powerful tech companies, is under pressure after a hacker collective claimed it would leak sensitive data unless two of Google’s security employees are fired. The demand, first reported by Newsweek, surfaced on Telegram where a group calling itself Scattered LapSus Hunters posted the ultimatum.
The hackers allege they have gained access to Google’s internal systems. Their condition? Google must immediately terminate two members of its Threat Intelligence team and halt all monitoring of their network activity. Although the employees’ identities have not been revealed, experts note this is a highly unusual demand. Cybercriminals typically seek money or data, not employee dismissals.
No Proof Yet of Breach
Interestingly, the hackers have not provided any evidence to confirm they have breached Google’s internal databases. Without such proof, many experts believe this could be an intimidation tactic designed to distract or unsettle Google’s security team.
The Scattered LapSus Hunters group claims to represent an alliance of notorious hacking groups such as Scattered Spider, LapSus$, and ShinyHunters. All three have a track record of high-profile data theft, making this new threat all the more concerning.
Connection to Recent Salesforce Breach
This ultimatum comes against the backdrop of a recent security scare. In August, Google confirmed that ShinyHunters had stolen data from Salesforce, one of Google’s third-party vendors. While no Gmail or Google Cloud accounts were compromised, the breach exposed sensitive business contact details.
In response, Google issued a global password reset alert to its 2.5 billion Gmail users, warning them of an increase in phishing emails and even phone-based fraud attempts (“vishing”). Hackers were seen exploiting stolen Salesforce data to craft convincing scams targeting users and businesses.
Despite this, there is still no indication that Google’s core systems—such as Gmail, Google Cloud, or internal databases—have been hacked.
Google’s Silence Raises Questions
As of now, Google has not released any official statement about the Telegram threat. The company has neither confirmed any data breach nor addressed the demand to fire employees.
Security analysts suggest Google may be adopting a “wait and watch” approach, choosing not to acknowledge the claims until hackers provide tangible evidence.
Security Experts Warn of Dangerous Precedent
Industry experts are concerned about the implications of meeting such hacker demands. If Google were to dismiss employees under pressure, it could create a dangerous precedent for future cyber-extortion attempts.
Cybersecurity researcher John Hammond explained:
“If a company caves to demands like these, it sends the message that hackers can manipulate internal decisions — not just by stealing data, but by threatening reputations and livelihoods.”
For now, the situation appears to be a test of nerves: if hackers release evidence of access, Google may be forced into rapid disclosure and mitigation. If not, this could fade as a bluff, though it still highlights evolving tactics in cyber warfare.
The Road Ahead
The potential data leak in Google has caught the attention of employees, shareholders, and billions of users worldwide. Whether the Scattered LapSus Hunters can back up their claims remains uncertain, but the incident underscores the increasing complexity of threats facing Big Tech.
Google’s response—or lack of one—will be closely scrutinized. The company now faces a delicate balancing act: protecting its security culture while reassuring users that their data remains safe.
