Google Confirms Hackers Created Fraudulent Account in Law Enforcement Portal LERS

• Fraudulent LERS account: Hackers gained access to Google’s Law Enforcement Request System, creating an account.
• Why it matters: This portal is used by global law enforcement agencies to submit official requests for user data.
• Google's response: Google disabled the account, stating no requests were made or data accessed.

Google has confirmed the creation of a fraudulent account within its Law Enforcement Request System (LERS), a sensitive portal used by global law enforcement agencies to submit official requests for user data, elevating concerns regarding the security protocols surrounding platforms that gatekeep vast amounts of private information.

Details of the Portal Breach

The Google LERS incident was brought to light after a threat actor group calling itself "ScatteredLapsusHunters" claimed on Telegram to have gained access to Google's LERS portal and the FBI's eCheck background check system. 

The group, reportedly an amalgamation of actors from Scattered Spider, LapSus, and ShinyHunters, posted screenshots as proof of their access.

In a statement, Google confirmed the existence of the fraudulent account but clarified its impact. "We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," Google stated, cited by Bleeping Computer. 

"No requests were made with this fraudulent account, and no data was accessed."

Cybersecurity Risks and Google's Response

The creation of a Google LERS fraudulent account presents significant cybersecurity risks. A successful data request could lead to serious privacy violations and further criminal activity.

Unauthorized access to such a system could allow malicious actors to impersonate law enforcement and submit illicit subpoenas, court orders, or emergency disclosure requests to obtain sensitive user data. 

In response to the incident, Google promptly disabled the account, preventing any data exfiltration.

In early August, a Telegram channel called "ScatteredLapsuSp1d3rHunters" claimed responsibility for several high-profile attacks and reportedly leaked the Allianz Life data breach. 

This month, a group of mixed members from the same hacker gangs threatened with a Google data breach unless the company terminated the Principal Threat Analyst with TIG and the Mandiant CTO.

Related

Decade-Old Pixie Dust Exploit Risk Persists in Modern Wireless Firmware, Report Says

Multiple CrowdStrike npm Packages Targeted in Supply Chain Attack as Attack Surface Expands

From Teen Hacker to Inmate: U.S. Court Resentences BreachForums Founder to Three Years Behind Bars

Microsoft Disrupts RaccoonO365 Phishing-as-a-Service, Seizes 338 Domains

Israel Seizes Over 180 Crypto Wallets Reportedly Tied to Iran's IRGC

Avatel Telecom Allegedly Targeted in Data Breach

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.

Subscribe for Free

Please enter a valid email address.

Most Popular

Decade-Old Pixie Dust Exploit Risk Persists in Modern Wireless Firmware, Report Says

Multiple CrowdStrike npm Packages Targeted in Supply Chain Attack as Attack Surface Expands

From Teen Hacker to Inmate: U.S. Court Resentences BreachForums Founder to Three Years Behind Bars

Microsoft Disrupts RaccoonO365 Phishing-as-a-Service, Seizes 338 Domains

Israel Seizes Over 180 Crypto Wallets Reportedly Tied to Iran's IRGC

Avatel Telecom Allegedly Targeted in Data Breach

Decade-Old Pixie Dust Exploit Risk Persists in Modern Wireless Firmware, Report Says

Multiple CrowdStrike npm Packages Targeted in Supply Chain Attack as Attack Surface Expands

From Teen Hacker to Inmate: U.S. Court Resentences BreachForums Founder to Three Years Behind Bars

Microsoft Disrupts RaccoonO365 Phishing-as-a-Service, Seizes 338 Domains

Israel Seizes Over 180 Crypto Wallets Reportedly Tied to Iran's IRGC

Avatel Telecom Allegedly Targeted in Data Breach