Hackers Created a Fake Account on Google’s Law Enforcement Portal

Google has confirmed that hackers managed to create a fake account in its Law Enforcement Request System (LERS)—a platform used by police and intelligence agencies to submit official data requests.

According to Bleeping Computer, members of the hacker groups Scattered Spider, LAPSUS$, and Shiny Hunters—who now claim to have united under the name Scattered LAPSUS$ Hunters—boasted on Telegram that they had gained access not only to Google’s LERS portal but also to the FBI’s eCheck system, which verifies law enforcement requests.

Both LERS and eCheck are critical tools used worldwide to transmit warrants, subpoenas, and emergency disclosure requests. Unauthorized access could allow criminals to impersonate law enforcement officers and potentially obtain sensitive user data.

“We identified a fraudulent account in our law enforcement request system and disabled it,” a Google spokesperson told reporters. “No requests were made using this fake account. No data was accessed.”

The FBI declined to comment on the hackers’ claims.

Track Record of Attacks

The announcement came after hackers posted screenshots of their alleged access shortly before declaring their intention to “go dark.” Earlier this year, Scattered LAPSUS$ Hunters drew significant attention with large-scale attacks on Salesforce.

• The group first used social engineering to trick employees into connecting Salesforce’s Data Loader tool to corporate instances, enabling mass data theft and extortion.
• They later breached the GitHub repository of Salesloft, using the Trufflehog tool to hunt for secrets in private code. This led to the discovery of authentication tokens for Salesloft Drift, which were leveraged in further attacks and additional theft from Salesforce systems.

Google’s Mandiant threat intelligence team was the first to publicly flag these activities, warning companies to strengthen defenses against such tactics. In response, the hackers began mocking the FBI, Google, Mandiant, and other security researchers across their Telegram channels.

Going Dark—or Going Underground?

Now, the group has posted a lengthy statement on a BreachForums-linked domain, claiming they are ceasing operations:

“We have decided that from now on, our strength is in silence. You will still see our names in the data breach reports of dozens of multi-billion-dollar companies that have not yet admitted to being hacked, as well as some government structures, including highly secured ones. But that doesn’t mean we are still active.”

Despite this declaration, cybersecurity experts interviewed by Bleeping Computer believe Scattered LAPSUS$ Hunters are unlikely to disband. Instead, analysts suggest the group will continue operating in a more covert capacity, refining its tactics while avoiding the spotlight.