Incident Overview

A threat actor using the handle lucy is selling compromised email accounts from police departments across first-world EU countries. Each account is priced at a flat $1,000 USD with no room for negotiation, and the actor specifically excludes accounts from Eastern European or lower-tier domains, claiming these are clean, fresh credentials from jurisdictions that major platforms actually respect and prioritize.

The primary use case being marketed is submitting fraudulent emergency data requests (EDRs) to companies like Meta, Google, Telegram, WhatsApp, TikTok, and X. Buyers can also use the accounts to send formal legal notices, preservation letters, and subpoena-style demands, or to impersonate EU law enforcement investigators through social engineering. The actor emphasizes that a credible first-world EU police email significantly improves the speed and success rate of these requests compared to cheaper alternatives that tend to get flagged and blocked.

Delivery includes the full credentials (email address and current password) along with a basic setup guide, handed over immediately after payment. For an extra $300, buyers can add a forged matching police ID in the form of a professional scan or PDF with correct details, useful as a backup when platforms request credential verification. Payment is accepted in BTC, LTC, ETH, SOL, USDT, and Monero, with the actor expressing a preference for Monero.