Apple, Twitter, Google’s parent company Alphabet, Discord, Meta, and Snap Inc. have all recently handed over sensitive user information to criminals, which has frequently been used to hack into victims’ accounts or to initiate sextortion schemes against them. The data—which includes names, email addresses, and IP and physical addresses—has been stolen using fake legal requests filed by the hackers.
The incidents appear to be part of a bizarre new cybercrime trend that involves criminals using hacked police email systems to acquire data via fake subpoenas. The hackers would sometimes use the basic subscriber information to hack into victims’ accounts. In other cases, the hacker would use the information to befriend the victim and encourage them to share sexually explicit material. If the victim refused, the hackers would frequently threaten them with various forms of online harassment, including swatting and doxxing.