Apple, Meta Doled Out Customer Data To Hackers Masquerading As Law Enforcement: Report

Zinger Key Points
  • Apple, Meta provided data such as customer address, phone number and IP address - Bloomberg
  • Emergency data requests do not require a judge’s signature or a warrant
  • Snap also received similar requests, unclear if it complied with them
  • Discord confirmed to an independent journalist it had complied with a fabricated data request
Apple, Meta Doled Out Customer Data To Hackers Masquerading As Law Enforcement: Report

Apple Inc AAPL and Facebook parent Meta Platforms Inc META shared customer data with hackers who pretended to be law enforcement, Bloomberg reported on Wednesday, citing three people familiar with the matter.

What Happened: The two companies handed over data such as customer’s address, phone number, and IP address in mid-2021 after receiving fabricated “emergency data requests,” according to the report. 

Snapchat parent Snap Inc SNAP also received fabricated legal requests from the same hackers, but it was not clear if the company had complied with them, Bloomberg reported.

An Apple spokesperson referred Bloomberg to its law enforcement guidelines, according to the report. 

Those guidelines state that the enforcement agent who submitted the request on behalf of the government or law enforcement agency may be contacted and asked to confirm to Apple that the request was legitimate.  

“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case,” a Meta spokesperson said, according to Bloomberg.

William Turton, the Bloomberg journalist who obtained the scoop, referred to the independent investigative journalist Brian Krebs and said that hackers had forged an emergency data request to obtain information from Discord.

Discord confirmed to Krebs on Security that it had fulfilled a forged legal request. 

See Also: How To Buy Apple (AAPL) Shares

Why It Matters: Researchers suspect the forged requests are being sent by minors in the United Kingdom and the United States. One of the minors is said to be the person behind “Lapsus$” — a cybercrime group that hacked companies such as Microsoft Inc MSFT, Samsung, and Nvidia Corp NVDA, according to Bloomberg. 

Hackers associated with another inactive cybercrime group “Recursion Team” were behind some of the legal requests sent to companies through 2021, according to Bloomberg.

While data requests are usually provided with a search warrant or subpoena signed by a judge, emergency requests do not need the same, people familiar with the matter told Bloomberg.

Price Action: On Wednesday, Apple shares closed 0.7% lower at $177.77 in the regular session and rose 0.2% in after-hours trading. On the same day, Meta Platforms shares declined 0.9% to $227.85 in the regular session and gained 0.2% in the after-hours trading, according to Benzinga Pro data.

Read Next: Apple Rides On Historic Oscar Win, Dangles Free Friday Night Baseball Games on Apple TV+

 

Posted In: cybercrimeDiscordhackersLapsus$NewsSocial MediaTechMediaGeneral