Ethical Hacking News
Doxing As A Service: How Hackers Are Tricking Tech Companies Into Sharing Sensitive Personal Data
A new form of online harassment has emerged in recent months, where hackers pose as law enforcement officers to trick major tech companies into sharing sensitive personal data. From Apple and Amazon to smaller platforms like Rumble, the methods used by these hackers are becoming increasingly sophisticated. As a result, companies must take immediate action to improve their security measures and protect their customers from this growing threat.
Major tech companies like Apple and Amazon have been targeted by hackers posing as law enforcement officers. The hackers use sophisticated methods such as spoofing email addresses and fake subpoenas to trick companies into sharing sensitive data. A group called "Exempt" has successfully extracted information from nearly every major US tech company, including Amazon and Rumble. Even smaller platforms like Rumble have been targeted by these hackers. Some companies are taking steps to improve their security measures, while others are doing so too slowly or inadequately. The implications of this type of doxing are far-reaching and potentially devastating for those who are targeted. Experts recommend that companies prioritize email verification processes and improve procedures for handling emergency data requests to combat this problem.
Doxing, a form of online harassment where individuals are publicly exposed for their personal details, has become an increasingly lucrative business. However, it appears that the means by which these hackers operate have also become more sophisticated and insidious. In recent months, investigations have revealed that several major tech companies, including Apple and Amazon, have been tricked into sharing sensitive personal data with hackers posing as law enforcement officers.
The methods used by these hackers are varied but often involve spoofing email addresses and sending fake subpoenas or emergency requests to the affected companies. These phishing attempts can be made via standard email channels, which many companies fail to adequately secure. The hackers also appear to have found ways to exploit loopholes in the systems of companies that use specialized platforms for law enforcement data requests.
One example of this is a hacker group known as "Exempt," who claim to have successfully extracted sensitive information from virtually every major US tech company, including Apple and Amazon, as well as more fringe platforms like video-sharing site Rumble. This doxing-as-a-service operation appears to be highly lucrative, with the hackers claiming to have earned over $18,000 in a single month.
The methods used by these hackers are not limited to targeting large companies. Even smaller platforms, such as Rumble, appear to have been targeted. In one example, Exempt claims that his group was able to obtain the information used to register the official Rumble account belonging to British far-right activist Tommy Robinson.
While some of the tech companies affected by this type of doxing have taken steps to improve their security measures, others appear to be doing so too slowly or inadequately. Amazon, for example, has identified and blocked impersonators but failed to disclose details about the additional safeguards it had put in place.
Moreover, even those who use specialized platforms designed for law enforcement data requests are not entirely safe from these hackers. Kodex, a company that works with companies to build secure online portals for law enforcement data requests, has found that its system can sometimes detect behavioral changes made by hackers.
The implications of this type of doxing are far-reaching and potentially devastating for those who are targeted. As one expert noted, "Public-private sector coordination is an incredibly complex and nuanced space... Lawful government data requests sit at the very unique intersection of data privacy, public safety, security, legal compliance, and civil rights."
To combat this problem, experts recommend that companies prioritize security measures such as email verification processes, and also improve their procedures for handling emergency data requests.
Related Information:
https://www.ethicalhackingnews.com/articles/Doxing-As-A-Service-How-Hackers-Are-Tricking-Tech-Companies-Into-Sharing-Sensitive-Personal-Data-ehn.shtml
Published: Thu Dec 11 13:08:55 2025 by llama3.2 3B Q4_K_M
