Emergency Doxing: Scammers Impersonate Police to Steal Data from Apple, Charter, and Amazon
A scheme is gaining momentum worldwide in which doxers impersonate police officers and use so-called “emergency requests” to coerce major companies into disclosing private personal data within minutes. On September 4, for example, an employee at Charter Communications’ legal response center received what appeared to be an urgent email from “Officer Jason Corse” of the Jacksonville Sheriff’s Office and promptly released the target’s name, home address, phone numbers, and email address. In reality, the message had been sent by a member of a group that openly sells doxing as a service.
A source known as Exempt told WIRED that his group is capable of extracting such information from nearly all major U.S. technology companies, including Apple and Amazon, as well as smaller platforms like Rumble. In the Charter case, he claims the entire process took about twenty minutes—and that the fate of the person whose data was exposed is rarely a concern.
According to Exempt, he may have successfully executed as many as 500 such requests over the past few years. To substantiate his claims, he provided WIRED with materials he describes as screenshots of emails, forged subpoenas, company responses, and even an audio recording of a call with one firm’s compliance team as they attempted to verify a request. He also presented indications that an active law-enforcement officer may have contacted the group, allegedly offering to submit requests from his own account in exchange for a share of the proceeds.
The mechanics are disturbingly simple. Once attackers obtain an IP address, they attempt to tie it to an individual, extract contact details, and use that information as a foundation for further requests. Exempt states bluntly that with a subpoena or warrant, it is possible to reach far more sensitive data—private messages, texts, call logs—in effect, “a person’s entire life,” with the outcome hinging largely on how quickly a company responds.
In the United States, official requests from police and other agencies are typically delivered via email, and large platforms maintain teams obligated to respond. Alongside standard requests, there are emergency data requests—submitted when there is an alleged imminent risk of harm or death—which often bypass additional verification steps because companies rush to help “save a life.” This exception is precisely the loophole doxers exploit.
The problem is compounded by the sheer scale and fragmentation of U.S. law enforcement: roughly 18,000 separate agencies, each with its own domains and naming conventions. As a result, an email that merely “looks legitimate” can be difficult to dismiss. Exempt describes two primary tactics: hijacking genuine police email accounts through social engineering or data breaches, or registering look-alike domains. In the Jacksonville case, he claims the group purchased jaxsheriff.us instead of the real jaxsheriff.org, spoofed the department’s phone number, and used authentic badge numbers and officer names to eliminate suspicion.
He adds that forged documents are made to appear highly credible. The group reportedly copies real subpoenas from public records, inserts appropriate legal language and statutory references, and sometimes even checks whether the named judge is physically present at the courthouse on the stated day. Exempt further alleges that his group obtained registration details for a Rumble account belonging to British far-right activist Tommy Robinson.
Even when companies attempt to verify such requests, evasion remains possible. In one recording Exempt shared with WIRED, a member of Amazon’s law-enforcement response team called the phone number listed in the email and spoke directly with Exempt, thereby “confirming” receipt of the documents. Amazon later stated that it identified and blocked the impersonation attempt, noting that the attacker managed to obtain basic data on fewer than ten customers before the company “acted swiftly to implement additional safeguards,” though it declined to disclose specifics.
Another layer of risk lies in procedural guidance that can read almost like a how-to manual. Apple, for instance, publicly outlines its process for voluntary emergency disclosures via a dedicated form and submissions from an “official” address. Exempt showed WIRED an example of a forged Apple request accompanied by a response that, he claims, included an iCloud user’s home address, phone number, and email.
Risk is further amplified by convenience-driven infrastructure, such as a database maintained by the nonprofit SEARCH, which aggregates direct law-enforcement contact details for hundreds of providers and online services. Former FBI agent Matt Donahue—now founder of Kodex—argues that the root problem is structural: email was never designed to support this level of identity verification and contextual assurance, and secure portals are inherently safer. Yet Kodex estimates that more than 80 percent of companies listed still accept emergency requests via email.
Even portals, however, are not foolproof. Exempt claims that for a time he was able to submit requests through Kodex using compromised police email accounts, before losing access as controls such as trusted-device binding were strengthened. He now says the group is discussing an arrangement with a deputy sheriff from a large department to “rent” a Kodex account or submit requests on his behalf for a percentage, contingent on removing the deputy’s data from a known doxing site. As evidence, Exempt shared a blurred screenshot of a chat conversation and what he says is an official ID.
Donahue emphasizes that emergency requests sit at the intersection of privacy, security, law, and civil liberties, and that response speed can, in genuine cases, determine life or death—making the issue far more complex than simple “negligence under pressure.” He adds that Kodex can flag suspicious behavior not only through one-off checks but via ongoing behavioral analysis designed to detect abuse patterns over time.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
