Hackers apparently managed to trick Apple and Meta into giving them user data by pretending to be law enforcement.

A report from Bloomberg claims that both tech giants managed to fall victim to a fake emergency data request back in 2021 from hackers that are pretending to be law enforcement officials.

The fake emergency data requests (ERDs) asked both Meta — the company behind Facebook, Instagram, WhatsApp, and more — and Apple to submit sensitive data that includes phone numbers, residential addresses, IP addresses, and more.

Bloomberg said that the company behind Snapchat also got a similar fraudulent request. However, the news outlet is not sure if the company actually fell victim to it and also leaked sensitive user data.

In a statement sent to IGN, Meta said: “We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.”

Android-apps-security-7421

Related

“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.” the representative added.

Apple also sent its response citing a section on its law enforcement guidelines: “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

It’s not clear who’s behind the hacking incident. However, Bloomberg thinks that Lapsus$, a known hacking group, may have something to do with it. The same group has targetted a couple of giant tech companies like Samsung, Microsoft, and more.



Leave a comment

Your email address will not be published.