FBI alerts tech companies of forged subpoenas used by data-stealing hackers

Cybercriminals use fake subpoenas to hack tech firms, FBI issues alert.

: The FBI warns that hackers are using fraudulent EDRs to trick tech companies into releasing user data. These fake requests exploit exceptions that allow companies to provide data without a court order in emergencies. The FBI advises scrutinizing documents, verifying with authorities, and implementing strong cyber policies. Hackers have targeted over 25 countries' government credentials for such attacks.

The FBI has issued a warning to tech companies about hackers who are using forged Emergency Data Requests (EDRs) to illicitly obtain user information. These cybercriminals exploit exceptions typically made for urgent law enforcement requests, gaining access through credentials stolen from law enforcement and government emails worldwide.

From August 2023 to August 2024, there has been a surge in activity involving this tactic, with hackers even selling EDR forgery tutorials online for $100. A known criminal devised an EDR submission template aimed at PayPal, who successfully detected and rejected the false request.

The FBI suggests tech firms verify subpoenas by checking for fraud elements and validating legal codes with issuing authorities. They also emphasize the importance of maintaining robust cybersecurity protocols, such as strong password policies and regularly monitoring third-party software.