
Association-anemone


The FBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private information.
asane


The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from US tech companies by compromising government and police email addresses to send “emergency” data requests.

The FBI’s public announcement, filed this week, is a rare acknowledgment by the federal government of the threat posed by fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats to life or someone’s property. Abuse of emergency data requests is not new and has been widely reported in recent years. Now, the FBI is warning that it saw a “surge” around August in criminal posts online advertising access to or making fraudulent requests for emergency data, and that it has gone public to raise awareness.

“Cybercriminals likely gain access to compromised US and foreign government email addresses and use them to make fraudulent emergency data requests to US companies, exposing customers’ personal information for further criminal use,” the FBI notice said.

In general, police and law enforcement in the US need some kind of legal justification to search and gain access to private data that companies store on their servers. Typically, for a person’s private content, such as their files, emails or messages, the police must provide sufficient evidence of a possible crime before a US court will issue a search warrant allowing the police to access that information from a private company. Police can issue subpoenas – which do not require going to court – asking companies for access to limited amounts of information about a user, such as basic account information including usernames, account logins, email addresses and phone numbers, and sometimes approximate location.

There are also emergency requests, a procedure where law enforcement can urgently request a person’s information from a company in the event of an immediate risk, where there is no time to request a court order.

Federal authorities say some cybercriminals are abusing these emergency requests.

The FBI said in its advisory that it saw several public posts made by known cybercriminals in 2023 and 2024 claiming access to email addresses used by US law enforcement and some foreign governments. The FBI says this access was eventually used to send fraudulent subpoenas and other legal demands to US companies seeking private user data stored on their systems.

The advisory said cybercriminals were able to pose as law enforcement, using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, such as claims of human trafficking and, in one case, that a person would “suffer greatly or die” if the company in question did not return the requested information.

The FBI said compromised access to law enforcement accounts allowed hackers to generate legitimate-looking subpoenas that led to companies handing over usernames, emails, phone numbers and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said.

Cybercriminals often use the requested data to harass, dox and target people with financial fraud schemes, according to a 2022 Bloomberg report, which found at the time that hackers were obtaining user information from Apple customers and Facebook and Instagram owner Meta by submitting fraudulent emergency data requests. Snap, the maker of Snapchat, and Discord were also targeted.

Apple, Google, Meta and Snap, which store huge amounts of personal and private customer data, collectively receive tens of thousands of emergency data requests each year.

Bloomberg reported in 2022 that some of the fraudulent emergency data requests date back to early 2021 and were made by groups consisting mostly of teenagers and young adults, such as Recursion Team and later Lapsus$, who went on to hack some of the biggest companies in the world, including Uber.

The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said private companies “should apply critical thinking to any emergency data requests they receive,” given that cybercriminals “understand the need for exigency.”