The FBI has issued a public warning about hackers exploiting compromised government and police email addresses to obtain private user information, including emails and phone numbers, from US-based tech companies. This threat is part of a growing trend of abuse of emergency data requests, a legal process designed for law enforcement to respond to immediate threats.
According to the FBI, cybercriminals have been using compromised government and foreign government email accounts to send fraudulent emergency data requests to US companies. These requests often cite false threats or claim that users will suffer harm unless their information is returned. The hackers use these legitimate-looking subpoenas to obtain sensitive user data, including usernames, emails, phone numbers, and more.
The FBI advises private companies to apply critical thinking to any emergency data requests received, considering the need for exigency and the risk of cybercriminals exploiting legitimate processes. Law enforcement organizations are also encouraged to improve their cybersecurity posture by strengthening passwords and implementing multi-factor authentication.
This issue has been widely reported in recent years, with Bloomberg previously reporting on groups of teenagers and young adults using fraudulent emergency data requests to steal user information from major companies like Apple, Google, Meta, Snap, and Discord. The FBI’s advisory serves as a reminder for private companies and law enforcement organizations to stay vigilant against this threat.
Source: https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information