The American tech company Apple and Facebook parent company Meta accidentally provided customer data to hackers last year. The hackers pretended to be law enforcement officers and were able to obtain the user data through an emergency data request. Bloomberg reports this.
The hackers pretended to be law enforcement officers and were able to access Apple and Meta user data through forged emergency data requests. Such an emergency data request is normally used by, for example, the police in criminal investigations. An emergency request does not require the permission of a judge, because there is usually an acute threat. Normal requests are only issued with a search warrant or subpoena signed by a judge.
The hackers copied the emergency requests and sent them to various tech companies, including Apple and Meta. They also sent emergency requests to Snapchat, but the company did not respond. The falsified legal requests were likely sent via hacked email domains belonging to law enforcement agencies in multiple countries.
The hackers are said to have stolen addresses, phone numbers and IP addresses of customers of the tech companies.
Cybersecurity researchers say it is believed to be underage hackers from the United Kingdom and the United States. One of the hackers is said to be a 16-year-old boy from Oxford. He is also likely the mastermind behind hacking group Lapsu$.
This hacking group was responsible for several attacks on major tech companies such as NVIDIA, Microsoft , Okta and Samsung. Last week, seven people were arrested in London in connection with the investigation into the hacker group. This investigation is still ongoing.
Control data requests
Apple has not commented on the hack. Speaking to Bloomberg, the tech company refers to the company’s law enforcement guidelines.
A spokesperson for Meta says that all data requests are checked for legal authenticity. The company would use sophisticated systems and processes to validate law enforcement requests and detect abuse. “We are blocking known compromised accounts from making requests and working with law enforcement to respond to incidents of suspected fraudulent requests, as we did in this case,” Meta said.
It is not clear how much data the hackers stole. The information obtained by the hackers through the forged legal solicitations can be used for intimidation campaigns. The hackers have customer details of victims and can use it for financial fraud. For example, they can use it to bypass the security of their accounts.
Catch up on more articles here
Follow us on Twitter here