Tech companies Apple and Facebook, parent Meta, are said to have provided customer data to hackers pretending to be law enforcement officers. To write Bloomberg News on the basis of insiders. According to the sources, this included data such as addresses, phone numbers, and IP addresses. This could have happened with a forged emergency data request.
Unlike a regular request for information, an emergency order does not require a court-signed document, such as a subpoena. Snap, the company behind Snapchat, also received a fraudulent legal request from the same hackers. It is not known if the company provided any information in response. It is also not clear how often companies have provided data in response to fraudulent requests.
Cybersecurity researchers suspect that some of the hackers are underage and located in the United Kingdom and the United States. The sources said that one of the minors is also the brain behind the $ Lapsus hacker group, which hacked Microsoft, Samsung and Nvidia, among others.
arrests
London police have recently arrested seven people in connection with an investigation into Lapsus$. This investigation is still ongoing.
An Apple representative referred to the company’s law enforcement guidelines in response to Bloomberg. The company did not comment further.
data request
Meta says in response to check each data request for legal suitability. The company also claims to use complex systems and processes to validate law enforcement requests and detect abuse. Affected accounts will be banned as far as is known. The Company works with law enforcement in response to incidents of alleged fraudulent orders “as we did in this case.”
Law enforcement agencies around the world routinely request information about users from social media platforms as part of criminal investigations. In the United States, such requests typically require a signed court order. Emergency applications, intended for use in the event of imminent danger, do not have to be signed by a judge.