Apple Inc. and Facebook’s parent company fell for an email scam and leaked some user data to fake law enforcement officials, a new bombshell says.
Cyber criminals using hacked domains from multiple law enforcement agencies made fake “emergency requests” for certain user information, Bloomberg News reported Wednesday.
The companies shared basic data such as phone numbers, home addresses and IP addresses, according to Bloomberg, citing sources.
This data could then be used by hackers to launch harassment campaigns or attempt to launch financial fraud schemes, Bloomberg said.
Emergency requests can be made without a court order or subpoena. Emergency requests can be made for “imminent” threats where a person’s life or safety could be at risk.
The fake requests allegedly came from real domains owned by law enforcement agencies in multiple countries in 2021, affecting an untold number of users. Snap Inc. and Discord were also targeted, although Snap has not confirmed whether it shared information in a fake request, Bloomberg said.
Apple and Meta leaked online personal information to hackers posing as law enforcement officials, according to a Bloomberg report.REUTERS/Brendan McDermid/File
Minors in the US and UK are believed to be behind at least some of the requests, which appear to have come from legitimate sources, sometimes even signed by real law enforcement officials, sources told Bloomberg.
Researchers believe other people involved are members of the Recursion Team hacking group and the person behind the group Lapsus$, which allegedly controls Microsoft Corp., according to the report. and hacked others.
Apple and Meta spokespeople did not immediately respond to emails from The Post on Thursday.
Authorities are currently investigating how many users were affected by Apple and Meta disclosing personal information. AP Photo/Tony Avelar, file
But Meta spokesman Andy Stone told Bloomberg that the company checks every data request “for legal sufficiency” and validates the request to detect abuse.
“We are blocking known compromised accounts from making requests and are working with law enforcement to respond to incidents of suspected fraudulent requests, as we did in this case,” Stone said in a statement.
Apple didn’t address the compromised data, instead referring Bloomberg to its policy, which says the company can contact a government or law enforcement agency to confirm that any request is legitimate.
The hackers were allegedly located in the US and UK, Bloomberg reported. Getty Images
Both companies describe the number of emergency requests they receive and fulfill.
Apple’s website said the tech giant received 283 requests in the US and 1,162 worldwide between July and December 2020. According to the website, Apple complied with 93 percent of the requests.
Meta’s website said the company received 211,000 inquiries from January to June 2021 and provided at least some information on nearly 71 percent of the inquiries.