Many criminals want access so they can pose as cops and make fraudulent 'emergency data requests' with TikTok, Facebook, Discord, and more top companies.

If you are a high-profile target, or is worth the trouble of your adversaries, here’s another way your personal data can leak.

Summary

  • Hackers are selling hacked police emails on the open market.

  • These emails can be used to make fraudulent Emergency Data Requests (EDRs) to social media companies like TikTok, Discord, Snapchat, Facebook, and Instagram

  • EDRs are a way for law enforcement to quickly obtain user data in high-stakes situations.

  • Hackers can use compromised police emails to pose as law enforcement officers and trick social media companies into handing over user data.

  • This data can then be used for criminal purposes, such as harassment, extortion, or physical violence.

  • Social media companies are aware of the problem and are taking steps to protect themselves, but it is an ongoing challenge.

Additional details

  • The hacker who emailed the journalist claimed to have access to an FBI email account.

  • Other hackers are selling emails belonging to the governments of Thailand, the UK, Germany, Bangladesh, and Nepal.

  • One Telegram group where government emails are being advertised is focused on physical violence against targets.

  • Social media, including Meta, Tiktok, and Discord, may have measures in place to block fraudulent EDRs.

  • However, it is still possible for hackers to get through these measures, as evidenced by the cases of Apple and Meta giving up user data in response to fraudulent EDRs.