Google is facing a rare and unsettling demand from hackers who claim they will leak company records unless the tech giant fires two of its security employees. The ultimatum, first reported by Newsweek, appeared in a Telegram post from a group calling itself the Scattered LapSus Hunters.
The group said Google must terminate two members of its Threat Intelligence team and stop investigating its network activity. While the names of the employees have not been made public, the threat marks an unusual shift: hackers rarely demand the dismissal of specific staff.
The post offered no proof that the hackers have access to Google’s internal systems. Without such evidence, it is unclear whether the group is bluffing or attempting to intimidate Google’s security researchers.
According to Newsweek, the collective presents itself as an alliance of several notorious hacking groups: Scattered Spider, LapSus$, and ShinyHunters. All three names are well known to cybersecurity experts for previous high-profile breaches.
A backdrop of recent breaches
The threat follows an incident in August, when Google disclosed that ShinyHunters had obtained data from Salesforce, a third-party vendor that provides services to Google. That breach did not involve Gmail or Google Cloud user accounts directly, but it did expose business contact information.
Google responded by issuing a global password-change alert to its 2.5 billion Gmail users, warning them of a surge in phishing attempts. Hackers have since used stolen Salesforce data to send realistic-looking scam emails and even “vishing” calls — phone-based frauds aimed at tricking users into handing over access.
Despite the Salesforce case, there is no indication that Google’s own core systems have been breached.
Google has not commented publicly on the hackers’ Telegram post. The company has not confirmed any compromise of its internal databases, nor addressed the demand to fire staff.
For now, the company’s position appears to be to downplay the threat until evidence emerges.
Security experts note that meeting such demands would be unprecedented and could set a dangerous precedent for further extortion attempts.
It remains to be seen whether Scattered LapSus Hunters can back up their threats. If they produce evidence of access, Google may need to move quickly with disclosures and containment. If they remain silent, the incident may fade as a bluff — though one that still leaves lingering questions about the tactics facing big tech.
For now, Google employees, shareholders and billions of users are watching closely. The company must decide how to respond to an unusual, unsettling ultimatum — one that puts its reputation and its security culture squarely in the spotlight.