Tech companies Apple and Meta, Facebook’s parent company, gave addresses, phone numbers and IP addresses of customers to criminals posing as law enforcement officers, reports Bloomberg based on three insiders. By sharing this data, people may have been harassed and scammed.
Before technology companies in the United States disclose customer data to law enforcement, a court order is normally required. This is not necessary in the case of an urgent request, due to the imminent danger which is generally the basis of such a request.
A group of hackers copied these emergency requests and sent them to several tech companies. Snapchat’s parent company also received such requests, but did not respond. It is unclear how many requests the hackers sent in total and in how many cases they were successful.
According to several experts, the requests were sent by underage hackers in the United States and the United Kingdom, writes Bloomberg. They would be members of the Lapsus$ group which hacked, among others, Microsoft and Samsung. Last week, seven people suspected of belonging to Lapsus$ were arrested in London.
Sources tell Bloomberg that the hackers sent the requests via hacked email addresses of law enforcement agencies in several countries. By hacking into mail servers, criminals may have seen real documents containing emergency requests, after which they could be forged.
In a response to Bloomberg, Apple said the person making the request “may be approached and asked to confirm that the emergency request was legitimate.” Apple does not comment substantially on the reports on the exchange of customer data. Meta says they “evaluate each data request for legal adequacy and use advanced systems and processes to validate law enforcement requests and detect abuse.”
“Bacon trailblazer. Certified coffee maven. Zombie lover. Tv specialist. Freelance communicator.”