Apple, Facebook Allegedly Gave User Data to Hackers After They Portrayed Themselves as Law Enforcement Officials
In the middle of 2021, Apple and Facebook reportedly provided user data to a hacker group that was masquerading as law enforcement personnel. Under this guise, these hackers were able to ask for various details that came under ‘emergency data requests.’
For Emergency Data Requests, Individuals Do Not Need to Provide Companies Like Apple and Facebook With a Search Warrant
These ‘emergency data requests’ included customers’ phone numbers, IP, and physical addresses, which were provided to hackers without a search warrant. Typically, Apple and Facebook do not hand over data to people unless a warrant or subpoena is submitted by a judge. Unfortunately, this details request does not apply to emergency data ones because they are used in rare and dangerous cases.
As reported by Bloomberg, Apple directed the publication to its law enforcement guidelines when pressed for further information. The hacker group, known as ‘Recursion Team,’ also managed to obtain the same information through ‘emergency data requests’ from Facebook parent company Meta. Snapchat also received a forged legal request from the same group, but it is unconfirmed if the company entertained such a request.
According to cybersecurity researchers, these hackers could be minors located in the U.S. and U.K., while one of them could be the mastermind of the Lapsus$ group that stole valuable data from both NVIDIA, Microsoft, and Samsung. These ‘emergency data requests’ were sent to Facebook, Apple, and Snapchat from various hacked email domains that belonged to law enforcement officials from different countries.
These requests were also cleverly crafted to look legitimate by including forged signatures of actual and conjured-up law enforcement officers. In a statement, Meta states that it is working with law enforcement to evaluate such requests. It is unclear how the Recursion Team will exploit this data, but if Snapchat was also included in the list of companies that received those ‘emergency data requests,’ there could be others.
At this stage, we are unaware of the danger that customers’ data will be subjected to by the hacker group, but we will keep you in the loop.
News Source: Bloomberg
Stay in the loop
GET A DAILY DIGEST OF LATEST TECHNOLOGY NEWS
Straight to your inbox
Subscribe to our newsletter