Apple Inc and Meta provided customer data to hackers who pretended to be law enforcement officials, according to three people with knowledge of the matter, news agency AFP reported on Wednesday (March 30), citing a company source.
As per the report, both Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests”.
According to the people, such demands usually come with a search warrant or subpoena signed by a judge. However, emergency requests don’t require a court order.
The report mentioned that the same hackers sent a forged legal request to Snap Inc, but it’s unclear whether the company provided the data in response. It’s also unclear how many times the company has provided data in response to forged legal requests.
As per the reports, cybersecurity experts suspect that some of the hackers sending these forged requests are minors located in the UK and the US.
Seven people were recently arrested by the City of London Police in connection with an investigation into the Lapsus$ hacking group; the investigation is still ongoing.
An Apple representative referred Bloomberg News to a section of its law enforcement guidelines. According to the guidelines, a government supervisor or law enforcement agent who submitted the request “may be called and asked to confirm to Apple that the emergency request was legitimate”.
In response, Meta spokesperson Andy Stone said, “We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.”
“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case,” Stone added.
Cyber expert Brian Krebs wrote on Tuesday that criminal hackers have been compromising email accounts or websites tied to police or government and claiming they can’t wait for a judge’s order for information because it’s an “urgent matter of life and death”.
Krebs noted that the lack of a unitary, national system for these types of requests is one of the key problems associated with them, as each company ends up deciding for itself how to deal with them.
“To make matters more complicated, there are tens of thousands of police jurisdictions around the world — including roughly 18,000 in the United States alone — and all it takes for hackers to succeed is illicit access to a single police email account,” he wrote.
(With inputs from agencies)