Google Confirms Fake Account in Law Enforcement System After Hacker Group’s Claims

by ddos · September 18, 2025

Google has confirmed that a bogus account was created in its Law Enforcement Request System (LERS), the portal used by government agencies to request user data. A company spokesperson said: “We discovered a fake account in our law-enforcement request system and disabled it. No requests were submitted from that account, and no data was accessed.”

The announcement followed posts on BreachForums by a group calling itself Scattered Lapsus$ Hunters, which published screenshots claiming access to LERS and to the federal NICS system the FBI uses to vet firearm purchasers. The Bureau declined to comment.

Scattered Lapsus$ Hunters presents itself as an amalgam of members drawn from three notorious collectives—Scattered Spider, ShinyHunters, and Lapsus$. The group’s hallmark is performative bravado: they court attention and relish taunting law-enforcement and threat-analysis teams such as Mandiant. Previously they have boasted attacks against Jaguar Land Rover and summer intrusions involving M&S, Co-op and Harrods.

Last week the group announced a “withdrawal into the shadows,” posting images purportedly from LERS and NICS overlaid with the Scattered Lapsus$ Hunters emblem. In a farewell message they claimed, “We have decided to vanish from view,” and portrayed eight members of Scattered Spider and ShinyHunters, arrested since April 2024, as “collateral victims of our war against authority.” They added, provocatively: “If you’re worried for us, don’t be… we’ll enjoy our golden parachutes of millions the group has amassed. Others will keep probing and improving the systems you use every day. Quietly.”

The professional community greeted these claims with skepticism. Karl Sigler, head of security research at Trustwave SpiderLabs, observed: “This is more likely not a genuine dissolution but an attempt to distance themselves from mounting law-enforcement pressure.” He added: “It’s plausible that part of their operational infrastructure was compromised—a hijacked system or communications channel. These groups do not simply vanish. They adapt.”

The bottom line remains unchanged: Google says the fake LERS account was blocked in time, submitted no requests, and did not access any data. Nevertheless, the published screenshots and theatrical pronouncements serve to erode trust in governmental and corporate systems while generating a loud, distracting cycle of publicity.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal