A malicious actor has reportedly gained unauthorized access to a law enforcement request account named KodexGlobal, allowing them to issue emergency data requests (EDRs) to prominent cryptocurrency and social media platforms.
The hacker is offering access to this account for sale on BreachForums at a price of $5,000 or $300 per EDR, according to a blog post by cybercrime solutions provider Hudson Rock on February 4.
The services for which the hacker claims to be able to make EDRs include popular platforms such as LinkedIn, Discord, Tinder, Binance, Coinbase, Chainlink, and SendGrid, among others.
However, a Binance spokesperson clarified to Nosisnews that the findings in the blog post do not indicate a breach of Binance’s system. The spokesperson suggested that compromised law enforcement accounts may be involved but emphasized Binance’s commitment to user data security through robust documentation processes and constant monitoring for any unauthorized access.
KodexGlobal is a platform designed for secure communication between law enforcement agencies and regulators. Unauthorized access to this platform allows hackers to falsely request personal data about a company’s users, potentially leading to identity theft, extortion, and financial loss, especially for users holding cryptocurrency assets.
Hudson Rock researchers believe that the hacker gained access to law enforcement systems by exploiting credentials obtained from Infostealer Infections. These infections are often acquired through compromised computers owned by law enforcement officers. The researchers identified over 50 different sets of credentials for Google’s law enforcement system from various Infostealer infections.
This incident raises concerns about the potential abuse of law enforcement request systems and the need for enhanced security measures to protect user data on major online platforms.
Authorities and affected organizations are expected to investigate and address the situation to prevent any further compromise of user information and mitigate potential risks to individuals’ privacy and financial security.