“This is personal now:” Man fired after cyberattack wants Lapsus$ hackers to pay

Published: 2 September 2025
Last updated: 4 September 2025
revenge on hackers
Image by Cybernews

Fired after a supposed cyberattack on his company, a former employee has declared war on the ransomware gang. The company says there was no cyberattack.

An employee who allegedly lost his job at the ChangeNOW crypto exchange is vowing to seek revenge on the infamous Lapsus$ ransomware gang. He claims a cyberattack on the company “completely changed” his life.

“Until recently, I was working at ChangeNOW. I gave my time, energy, and dedication to that job,” explained the former employee in a Telegram post.

ADVERTISEMENT

“But because of the chaos caused by Lapsus$, my position was under scrutiny, and I was eventually let go.”

”We have not observed any cyberattacks on our service recently or at this time. None of the cyberattack attempts that have occurred throughout ChangeNOW's history have been successful,”

the company explained.

Meanwhile, the company denies it was faced a cyberattack in a first place and reiterated that ChangeNow

We have not observed any cyberattacks on our service recently or at this time. None of the cyberattack attempts that have occurred throughout ChangeNOW's history have been successful,” the company explained.

Moreover, the company said what the supposed “former employee” describes in the Telegram post, does not reflect ChangeNow's values or how it treats its employees.

”We do not dismiss people for a single mistake. We learn from mistakes. We do not support public destructive calls for revenge,” the company said.

Rage against Lapsus$

The commenter was enraged after his work at the company was destroyed overnight by the “reckless actions” of people who think “this is just a game.”

ADVERTISEMENT

“They are not only attacking systems or data, they are tearing apart lives. People like me who were simply trying to do their jobs now have to deal with the fallout.”

Has my data been leaked?
Check Now

He stated that he was seeking accountability. Among the steps he has taken, he claimed to have contacted law enforcement, including the FBI and authorities behind Operation Endgame, a large-scale operation focused on disrupting botnets and associated criminal infrastructures.

“Lapsus$ needs to understand that their actions have consequences. They are not untouchable. I am dedicating myself to making sure this does not get swept aside. This is only the beginning of the fight,” threatened the commenter.

The messages showed up on Telegram. The authenticity of claims remains unknown, as ChangeNOW told Cybernews that the company have not experienced any cyberattack nor had related layoffs.

"We do not dismiss people for a single mistake. We learn from mistakes," the company spokesperson said. "Also, we do not support public destructive calls for revenge," the company added.

Alliance with Marks & Spencer attackers and threats to Google

The Lapsus$ hacking group first made headlines in 2021 after attacking the Brazilian Ministry of Health. Since then, it has targeted several high-profile technology companies, stealing data from Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, and Vodafone.

In 2022, the group also managed to steal and leak 90 videos containing gameplay footage from Rockstar’s upcoming Grand Theft Auto VI game.

ADVERTISEMENT

According to researchers at the cybersecurity firm Obsidian, a Telegram channel appeared on August 8th this year, conflating three cybergangs: ShinyHunters, Scattered Spider, and Lapsus$. The channel offered “Chaos-as-a-Service.”

vilius Ernestas Naprys Paulina Okunyte Gintaras Radauskas
Don’t miss our latest stories on Google News.
Google News Follow us

After claiming responsibility for major breaches tied to Salesforce instances, the group now demands that Google and the FBI halt their investigations and fire specific employees.

“WE WILL DESTROY YOU AND YOUR MEGA CORRUPTION,” reads one of many posts aimed at Google. The hackers leaked data allegedly belonging to the US insurer Allianz Life and claimed breaches at Zscaler, a cybersecurity firm, and ChangeNow.

The Scattered Spider group is known for attacking some of the UK’s biggest retailers – Marks & Spencer, Co-op, and Harrods – in May.

Marks & Spencer has since been forced to shut down its payment systems at over 1,000 stores across the UK, cancelling thousands of orders for online clothing and home goods.

M&S
Image by Carlos Jasso | Reuters

According to ReliaQuest, 81% of the domains linked to Scattered Spider mimic technology vendors, often using typosquatting tactics. Such tactics involve subtle domain misspellings or tweaks that trick users into thinking they’re logging into a legitimate service.

Thirty-five percent of impersonation domains targeted the tech sector, with 20% aimed at financial firms, and 15% at retailers.

Seventy percent of the group’s known targets are concentrated in just three sectors: technology, finance, and retail trade. These industries are rich in data and often reliant on complex IT infrastructures.

ADVERTISEMENT

ShinyHunters is known to run the hacker community Breached Forums. The group is believed to have operated BreachForums since the 2023 arrest of its previous administrator, Pompompurin.

ShinyHunters has previously listed stolen data from Santander, AT&T, and Ticketmaster.

Updated on September 4th [08:20 a.m. GMT] with a statement from ChangeNow.

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT