According to Bloomberg, Apple and Meta gave user data to hackers who posed as law police. In mid-2021, both firms fell for the bogus requests and gave over consumers’ IP addresses, phone numbers, and addresses.
Criminal investigators often seek data from social media companies to learn more about the owner of a certain online account. Emergency data demands, on the other hand, do not need a subpoena or search warrant issued by a court.
Fake emergency data requests are on the rise, according to a new Krebs on Security analysis. First, hackers must get into a police department’s email system. The hackers may then create an emergency data request that explains the risks of not receiving the desired data immediately, all while posing as a cop. According to Krebs, some hackers are selling government email access online in order to spam social media with phoney emergency data demands.
But last year’s assaults may have been carried out by Recursion Team, a cybercriminal outfit. Despite disbanding, several members have joined Lapsus$ under new identities. Officials engaged in the probe told Bloomberg that hackers hacked into the accounts of law enforcement organisations throughout the world beginning in January 2021.
“We confirm law enforcement requests and identify abuse,” said Andy Stone, Meta’s policy and communications director, in an email to The Verge. As in this situation, we assist with law enforcement to prohibit known hacked accounts from making requests.
According to Apple’s law enforcement guidelines, “if a government or police agency seeks customer data in response to an Emergency Government and Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government and Law Enforcement Information Request may be contacted.”
Fake emergency data demands have hit other firms than Meta and Apple. It’s unclear whether or not the corporation responded to the falsified request, according to Bloomberg. In response to one of these bogus requests, Discord confirmed to Krebs on Security that it had given over information.