Skip to content

Apple and Meta shared data with hackers impersonating law enforcement

  • by
  • 2 min read

Apple and Meta turned user data over to hackers faking emergency data request orders, usually sent by law enforcement agencies as per a report by BloombergThe mistake happened in mid-2021 and both companies leaked information including IP addresses, phone numbers and phone addresses. 

While generally, such data requests would require a search warrant signed by a judge or a subpoena, emergency data requests are exempt from such requirements intended for cases involving life-threatening situations. According to a report from Krebs on Securitythese fake emergency data requests are becoming increasingly popular. 

The attackers first gain access to a police department’s email system and then forge an emergency data request describing the potential danger of not sending the data right away, pressurising companies to give out data that would otherwise be safe. 

In the News: Lapsus$ strikes again; leaks 70GB data of Globant

Hackers after subpoenas

The attacks seem to have been carried out by a group called the Infinity Recursion hacking team. Though the group isn’t active anymore, several members have joined Lapsus$ under different names.

Bloomberg reports that officials involved in the investigation reported such attacks on law enforcement agencies in multiple countries with a number of companies targetted for several months starting January 2021. 

Apple and Meta aren’t the only companies to be impacted by such attacks either. Discord also complied with one such fake request and Snap was also sent one, though it’s unclear whether or not the company followed through on the request. 

According to Brian Krebs, some hackers are selling compromised government emails online specifically for this very purpose. A majority of attackers launching these types of attacks are allegedly teenagers, with the Bloomberg report stating that cybersecurity researchers believe that Lapsus$’s teen mastermind might be involved in these types of scams as well. 

In the News: Ronin Network exploited for 173,600 ETH and 25.5M USDC

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>