Apple and Meta, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.”
Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the UK and the US One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp, Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.
In a statement, Meta has said the company reviews every data request for “legal sufficiency” and uses “advanced systems and processes” to validate law enforcement requests and detect abuse. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case,” thecompany added.
On the other hand, Apple Inc, quoted its guidelines, which stated that in the case of an emergency application “a supervisor for the government or law enforcement agent who submitted the… request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”