Apple and Facebook’s parent company Meta were persuaded to give up customer data to hackers posing as law enforcement agents bearing phony “emergency data requests,” Bloomberg revealed on Wednesday, citing three sources familiar with the matter. The fraudulently obtained information allegedly included users’ phone numbers, IP addresses, and even physical addresses.
The hackers also attempted to con Snap, the parent company of Snapchat, into coughing up the same data, but it’s not clear if they were successful. Sources declined to elaborate on how many times the social media platforms in question were convinced to turn over information in response to the fraudulent requests.
While such information is normally only provided in response to a subpoena or search warrant, both of which would require a judge’s signature, so-called “emergency requests” require nothing of the sort, making the hackers’ task surprisingly easy. Indeed, cybersecurity researchers investigating the case believe at least some of the hackers in question are minors operating out of the US and UK.
At least one of the minors is thought to be the leader of Lapsus$, a cybercrime ring which has previously hacked Microsoft, Samsung, and Nvidia, according to Bloomberg’s sources. City of London police have arrested seven people in connection to the Lapsus$ probe.
Attempting to explain its eagerness to fork over customer data, Apple referred Bloomberg to a section of its enforcement guidelines stating a “supervisor for the government or law enforcement agent who submitted the request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”
Meta insisted it reviewed all data requests for “legal sufficiency” and claimed to use “advanced systems and processes to validate law enforcement requests and detect abuse.”
According to spokesman Andy Stone, the company also blocks “known compromised accounts from making requests” and works with law enforcement to respond to “incidents involving suspected fraudulent requests, as we have done in this case.”
Snap declined to comment beyond a statement pointing out that the company has safeguards to block fraudulent data requests.
The man who critically injured Slovak Prime Minister Robert Fico on Wednesday was a fierce…
The Asia-Pacific region should be free of military blocs because of their potential to undermine…
Russian President Vladimir Putin was welcomed with an honor guard after his plane touched down…
Russian President Vladimir Putin has set the stage for his state visit to China by…
С каждым днем онлайн-казино становятся все более популярными среди азартных игроков. И это вполне логично:…
Russian President Vladimir Putin has officially appointed Andrey Belousov as the new minister of defense.Belousov,…