Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data

A group of hackers, known as "doxing-as-a-service" providers, have been tricking major tech companies into sharing private data by impersonating law enforcement officers. These hackers, who call themselves "Exempt," use spoofed email addresses and fake documents to convince companies that the requests are coming from a legitimate source. They claim that they have successfully extracted sensitive information from virtually every major US tech company, including Apple and Amazon.

The hackers' method involves using authentic or convincing fake law enforcement email accounts, as well as creating fake domains that mimic legitimate police departments. They also craft highly convincing fake official documents to back up their requests. Exempt claims that he has made up to 500 successful requests in recent years, with the highest-paying request being $1,200 for a single dox of someone who was allegedly "grooming minors on an online gaming platform."

The hackers exploit loopholes in the system by using emergency data requests (EDRs) that bypass additional verification steps. These EDRs are typically used in cases involving threats of imminent harm or death, and companies under pressure to fulfill the request quickly often comply without verifying the authenticity of the request.

Tech companies have laid out step-by-step guides on how to craft these requests, but even with these guidelines, hackers can still find ways to exploit the system. Apple, for example, provides a form that allows government or law enforcement agents to request information from the company, but Exempt claims that he was able to make requests through this form using compromised law enforcement email accounts.

The problem is partly due to the fact that there are over 18,000 individual law enforcement agencies in the US, all of which use their own email naming conventions and domain registrations. This creates a complex landscape for companies to navigate when it comes to verifying the authenticity of requests.

To address this issue, some companies like Kodex have developed secure online portals that law enforcement can use to make data requests. However, even with these systems in place, hackers can still find ways to exploit weaknesses.

The FBI's former agent turned security expert, Matt Donahue, notes that traditional communication channels like email are not designed for the level of identity verification and real-time decision-making required in modern investigations. He argues that public/private-sector coordination is crucial in preventing such exploits, but says that anyone suggesting these requests are carelessly responded to has little understanding of the subject matter.

The incident highlights the need for greater security measures and better communication channels between law enforcement agencies and tech companies to prevent such exploits. It also underscores the importance of awareness about the risks of doxing and the importance of protecting sensitive information.

I'm not convinced these "doxing-as-a-service" hacks are the end of the world. Like, sure, hackers got some tech bigwigs to spill the beans on someone without consent, but is it really that shocking? Companies like Amazon and Apple are basically begging for this kind of thing by making it so easy to request sensitive info with a fake badge or email address. Come on, guys! Use two-factor auth and verify those emails already!

And while I get that 18,000 law enforcement agencies in the US can make things super tricky for companies to figure out what's legit, isn't it time we upgraded our whole communication system? Like, who needs fake IDs and documents when you have a better way of identifying yourself online? And honestly, how much is $1,200 really worth when someone's personal info gets leaked all over the dark web? Let's just say I'm not buying into this "oh no, hackers are so scary" narrative.

Ugh, I'm so over these "dox-as-a-service" providers . Like, what's the point of even doing that? They're just exploiting loopholes in the system to get private data from major tech companies. And it's not like they're even using their own email accounts or domains anymore - they're spoofing legit ones and crafting fake docs too . It's soooo easy for them to find vulnerabilities in the system, especially with all these individual law enforcement agencies out there using their own naming conventions and domain registrations.

And yeah, I get that it's hard for companies to verify the authenticity of requests, but come on, folks! We can do better than this . It's time for tech companies and law enforcement agencies to work together more closely to prevent these kinds of exploits. And we need better security measures in place ASAP . Can't have just anyone making dox requests without proper verification, you know?

I'm lowkey worried about these "dox-as-a-service" hackers ... They're literally preying on loopholes in the system, exploiting people's trust for their own gain . I mean, think about it - they can trick law enforcement into sharing private data, and then sell that info on the dark web . It's like, what's next? Companies are already making steps to make it harder for them, but I guess you'll never be 100% secure . We need to raise awareness about this stuff so people can protect themselves online

Ugh, this is so messed up I mean, can't these hackers just find another way to get their info? They're basically taking advantage of loopholes in the system and that's not cool. And it's not like they're doing it for revenge or anything, they're just making money off people's private data. It's so shady

And what really gets me is how easy it is for them to get away with it. Like, I know there are a lot of law enforcement agencies in the US, but that shouldn't be an excuse for companies not to have better systems in place to verify requests. It's like they're just sitting ducks

I'm glad some companies are taking steps to create secure portals and whatnot, but it's still not enough. We need more awareness about this stuff and people need to take responsibility for their own security online. It's not that hard to use two-factor authentication or something... come on guys

OMG, you guys ... these hackers are literally so clever! They're like ninjas, sneaking around and getting away with all this sensitive info . I mean, 500 successful requests in recent years? That's wild . And the fact that they can just spoof email addresses and fake docs to convince companies to spill the beans is just mind-blowing .

I'm not surprised though, tbh. The whole system is kinda broken . I mean, 18k law enforcement agencies in the US? That's a lot of variables . And the fact that they're using EDRs to bypass verification steps? Not cool .

But seriously, it's time for tech companies and law enforcement to step up their game . We need better security measures and clearer communication channels to prevent this kind of thing from happening again . It's not just about doxing anymore, it's about protecting people's identities and sensitive info .

You can read more about this issue on The Verge - https://www.theverge.com/2025/2/15/22073155/dox-as-a-service-hackers-tech-companies-law-enforcement

omg can't believe these hackers r doing this they're literally making up fake law enforcement emails & documents to get people's private info i feel so much for all the companies that got tricked into sharing their data, especially apple and amazon it's like they're trying to exploit loopholes in the system & take advantage of tech companies' good faith anyway, gotta say, it's crazy how these hackers are making up to $1200 for a single dox & i'm all for better security measures & awareness about the risks of doxing

omg you guys i cant even believe this is happening!!! these hackers are literally so clever theyre making it seem like theyre getting away with murder lol but seriously its super scary that they can just pretend to be law enforcement and get tech companies to spill all their private info i mean what if they use this info to ruin peoples lives?? and its not just the doxing itself its also the fact that these hackers are exploiting loopholes in the system and making it too easy for themselves i feel like i need to change my password again lol anyway im just really concerned about how we can prevent something like this from happening again idk if secure online portals like Kodex will be enough or if we need more serious measures but one thing is for sure - these hackers are getting a little too good at this

OMG, I'm literally shaking my head thinking about these hackers "Exempt" is a genius name for them, right? But seriously, this is super serious stuff! These guys are basically exploiting loopholes in the system to get sensitive info from major tech companies. It's crazy to think that they're making over $1,200 per dox!

I mean, I know law enforcement agencies have a lot of different email naming conventions and domain registrations, but that's no excuse for these hackers to just spoof their way in . Companies need to step up their security measures and make it harder for these guys to get away with this stuff.

It's also super concerning that companies are often under pressure to comply with requests quickly without verifying the authenticity of the request . I mean, we all know about the importance of protecting sensitive info, but this is on a whole different level!

Anyway, kudos to Matt Donahue for speaking out and saying that traditional communication channels like email aren't designed for modern investigations . It's time for law enforcement agencies and tech companies to work together to prevent these types of exploits in the future .

i think its crazy how these hackers are able to get away with this stuff theyre basically playing on people's fears of law enforcement, you know? like if someone receives a fake email from "the fbi" claiming they need their private info, they're gonna freak out and just comply without verifying it. its like our own paranoia against terrorism is being used against us by these cyber crooks

and yeah, the fact that there are so many law enforcement agencies in the US makes it super hard for companies to keep track of legit requests from real cops . i feel like we need some kind of national ID system for law enforcement emails or something but at the same time, hesitating to make changes because of all the people who would say "but what about our 4th amendment rights?"

i also love how the FBI expert is saying that these hackers are just exploiting loopholes and that we need more public/private coordination . its like, we cant have it both ways - if you want to use a secure online portal, its gotta be implemented nationwide or something

omg this is crazy!!! like, how do these hackers even manage to get away with it for so long? Apple and Amazon are major brands and they got tricked by these fake law enforcement emails I'm so glad that Kodex is working on secure online portals but like, what's being done about the other companies that don't have this system in place? we need better security measures ASAP and awareness about doxing is super important too gotta keep our info safe!

this whole "doxing-as-a-service" thing is wild... i mean, who gets paid $1200 for digging up some random person's info? it just goes to show how easily vulnerable we all are when it comes to online security. 18k law enforcement agencies in the US is a lot to keep track of... companies need to step up their game and create more secure systems for making data requests. public/private sector coordination is key, but i guess it's not that simple

Ugh, this is so messed up ! I mean, can you believe these hackers are literally getting away with stealing people's private info by pretending to be law enforcement? Like, how hard is it for a company to verify that someone's email address is legit or not? It's not rocket science. They're just exploiting this loophole in the system because they know companies will cave under pressure. And now we're facing all these high-profile hacks... what's next?!

omg this is so messed up! i mean, i get it, hackers can be super clever and all that, but do they have to use their skills for evil? and yeah, i see what they're doing with the law enforcement angle - it's like they're exploiting a loophole in the system to get what they want.

i'm literally shaking my head thinking about how tech companies are being scammed like this . like, shouldn't we be able to trust them more? and what's up with all these different agencies having their own email naming conventions and domain registrations? it's crazy! and don't even get me started on the FBI guy saying that public/private-sector coordination is key - like, duh!

anyway, i'm just glad that there are companies out there trying to develop secure online portals for law enforcement to use. maybe they can help prevent some of these hacks in the future? and yeah, awareness about doxing is super important too... we need to be more careful about what info we share online .

OMG, this is so wild! I mean, can you even imagine some dude just chillin', using spoofed emails and fake docs to get private data from Apple & Amazon? Like, what's next?

I'm low-key impressed by these hackers, tho. They're like total pros at exploiting loopholes in the system. And $1,200 for a single dox? That's some serious cash! But also, super concerning.

Tech companies need to step up their security game ASAP and find ways to verify authenticity without falling for these fake requests. It's crazy that law enforcement agencies have so many different email naming conventions & domain registrations - it's like a nightmare to navigate!

I'm all about public/private sector coordination to prevent exploits, tho . We need better communication channels and security measures in place. The FBI guy Matt Donahue makes some good points. Let's get this done!