Doxxing Scams: Hackers Trick Big Tech Firms into Sharing Private Data
Meanwhile, a group of hackers has been exploiting a loophole in the system to trick major tech companies into sharing people’s private data.
According to WIRED, the hackers use spoofed email addresses and fake official documents to make emergency data requests, which are typically fulfilled quickly by the companies.
Exempt, a member of the hacking group, claims that they have successfully extracted sensitive information from virtually every major US tech company, including Apple and Amazon.
The Loophole
Consequently, the problem partly stems from the fact that there are around 18,000 individual law enforcement agencies in the US, all of which use their own email naming conventions and domain registrations.
Therefore, hackers can easily create convincing fake domains that closely mimic legitimate police departments.
Exempt explains that they use real badge numbers and officer names to make the fake documents look authentic.
The Consequences
Moreover, the hackers can use the extracted information to make emergency data requests, which can lead to the disclosure of highly sensitive personal data.
Exempt claims that his group brought in over $18,000 in the month of August alone, and that they have been successful in extracting similar information from virtually every major US tech company.
In one case, Exempt says he was paid $1,200 for a single dox of a person who was supposedly “grooming minors on an online gaming platform he owns.”
The Warning
However, experts warn that this type of doxing is a lucrative business, and that hackers are exploiting a loophole in the system to trick major tech companies into sharing people’s private data.
Therefore, it is essential for tech companies to be vigilant and verify the authenticity of emergency data requests before fulfilling them.
In addition, law enforcement agencies need to take steps to prevent hackers from compromising their email accounts and using them to make fake requests.
Source: Link
