Apple and Facebook’s parent company Meta inadvertently provided user data to hackers posing as law enforcement last year, reports Bloomberg based on insiders. Hackers obtain data through emergency data requests, which are typically used by, for example, police in criminal investigations.
Such emergency requests do not require a judge’s permission, unlike normal requests that can be made to a technology company. Hackers are said to have stolen the phone numbers, addresses and IP addresses of tech company customers with their fake apps.
Researcher with whom Bloomberg spoke, suspecting that the hackers were minors from the UK and the US. One of them may also be the mastermind behind the Lapsus$ hacking group, which became clear last week that he carried out several attacks against big tech companies like NVIDIA and Okta. It would be a sixteen year old teenager from the London area.
In response to the news, Apple referred to Bloomberg company law enforcement guidelines. The tech giant doesn’t address this issue in terms of content.
Meta said in response that the company checks each request for legal authenticity. In its own words, the company uses sophisticated systems to detect abuse. The company also said it would cooperate with law enforcement in the event of fraud, including in this case.
It is not clear how much data the hackers stole. Snap, the company behind the photo app Snapchat, was also approached by hackers. It is unclear whether the company actually provided information to the criminals.
“Coffee trailblazer. Analyst. General music geek. Bacon maven. Devoted organizer. Incurable internet ninja. Entrepreneur.”