Meta and Apple have been victims of fraudulent data access requests. Issued from addresses belonging to the authorities, they were nevertheless the work of a group of hackers.
It’s quite unfortunate… According to Bloomberg, which cites three people familiar with the matter, Apple and Meta (ex-Facebook) would have transmitted certain user data to hackers by responding favorably to their emergency requests, generally sent by security forces. ‘order. Except that they were falsified this time.
The affair occurred in mid-2021 and the two companies are said to have fallen into the trap, providing information on users’ IP addresses, telephone numbers and home addresses. The hackers would have previously introduced themselves into the messaging services of the police to make their requests credible.
According to cybersecurity experts, the latter are more and more frequent since they take advantage of a legal vagueness. Normally, such requests for data are made only accompanied by a decision written by a judge. But urgent, potentially life-threatening requests do not require a court order. “We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse”tried to justify a spokesperson for Meta in a press release.
The hackers therefore slipped through the cracks. Cyber security researchers suspect that some of the hackers who send these fake requests are minors located in UK and USA. One of them, himself a minor, would also be the mastermind behind the cybercrime group Lapsus$, known recently for the hacks of Microsoft and Nvidia. Neither Bloomberg nor the targeted companies have commented on the personalities targeted or the purpose of this information retrieval.