Apple and Meta shared user data with hackers

In today’s society, almost everyone uses Meta’s applications such as Facebook, Instagram, Messenger. However, many people also benefit from Apple products and services. While you use these services and products, these companies store your user data. Although these two companies protect your user data, sometimes your user data falls into the hands of hackers due to cyber attacks. More recently, hackers have assumed such an identity that Apple and Meta have handed over user data to hackers with their own hands.

Apple and Meta gave user data to hackers who pretended to be law enforcement

According to a report by Bloomberg, Apple and Meta, a number of users gave its data to hackers impersonating law enforcement. These hackers masquerading as law enforcement in mid-2021 made an urgent data request from Apple and Meta, and both companies handed over user data to hackers. This user data included data such as users’ IP addresses, phone numbers, and home addresses.

Law enforcement can obtain information about the owner of a particular online account, often by requesting data from social platforms in connection with criminal investigations. While these requests require a subpoena or search warrant signed by a judge, urgent data requests do not.

Fake emergency data requests are becoming more common, as explained in a recent Krebs on Security report. During an attack, hackers first need to gain access to a police department’s email systems. The hackers then create an emergency data request, assuming the identity of a law enforcement officer, explaining that the requested data must be sent immediately. As stated in the report, the majority of those who make these false requests are young people.

However, last year’s attack is believed to have been carried out by hackers called Recursion Team. Although this group disbanded, some joined Lapsus$ under different names. Officials involved in the investigation said in their statements that hackers had accessed the accounts of law enforcement in multiple countries and targeted many companies for several months, starting in January 2021.

Meta spokesperson Andy Stone said in a statement, “We review every data request for legal adequacy and use advanced systems and tools to verify law enforcement requests and detect abuse. We use processes. We prevent accounts that are known to be compromised from making claims, and as we did in this case, we work with law enforcement to respond to incidents involving suspected fraudulent requests.” said.

Apple, on the other hand, said in a statement that they were following law enforcement guidelines. Among these guidelines, “If a government or law enforcement agency requests customer data in response to an Emergency Government and Law Enforcement Request for Information, a supervisor of government or law enforcement, the person who submitted the Emergency Government and Law Enforcement Information Request may be contacted and provided to Apple. may be asked to confirm that the emergency request is legitimate.” exists.

The companies known to be affected by fake emergency data requests aren’t just Meta and Apple. Bloomberg said the hackers also contacted Snap with a false request, but it’s unclear whether the company followed suit. In the report prepared by Krebs on Security, there is also a confirmation that Discord also provided information in response to one of these fake requests.

Discord’s corporate communications group manager, Peter Day, said in a statement, “This tactic poses a significant threat to the tech industry. We are continually investing in our trust and security capabilities to address emerging issues like this.”