Major tech companies ranging from Google, Apple, Snap, Twitter, Meta Platforms, as well as Discord have been tricked into giving up personal information about their users to hackers. Citing information from federal law enforcement officials as well as industry officials, Bloomberg has reported that the tech giants gave the sensitive user information in response to fake emergency legal requests that were made by the hackers.
For those wondering, the reason why Google and other similar companies were tricked is that these requests do not really require a court order and companies often give the data to law enforcement agencies in good faith when danger is involved. This is done by the hackers compromising the email of law enforcement agencies to get their hands on such reports.
Hackers Managed to Fool Some of the Biggest Tech Companies Including Google and Apple
In such a case, the data obtained through fraudulent means were used to target minors as well as women, and in some cases, bad actors put pressure on them to share material that was sexually explicit and threatened retaliation if they failed to comply.
The tactic is one of many tools that cybercriminals are using to steal personal information for financial benefits. The scariest part is that the attackers successfully managed to impersonate law enforcement officers to a degree that even companies like Google and Apple were left fooled.
The anonymous sources that gave this information talk about how such schemes are impossible for victims to protect against and the best way to prevent something like this from happening is not having an account on such information.
“Tech companies should implement a confirmation callback policy as well as push law enforcement to use their dedicated portals where they can better detect account takeovers,” said Alex Stamos, the former chief security officer at Facebook.
On the other hand, Google has told Bloomberg that it managed to uncover a fraudulent data request that originated from malicious actors posing as actual government officials back in 2021. The individual was identified, however, and the company notified the authorities. “We are actively working with law enforcement and others in the industry to detect and prevent illegitimate data requests,” a Google spokesperson told the publication.
Additionally, a Facebook representative stated that the platform reviews all data requests for “legal sufficiency and uses advanced systems and processes to validate law enforcement requests and detect abuse.”
Discord has also talked about how it validates all law enforcement requests while both Twitter and Apple declined to comment on this situation.