Apple and Facebook gave user data to hackers who used forged legal requests

Apple and Meta Platforms, the parent company of Facebook, gave user data to hackers who masqueraded as law enforcement officials, Bloomberg News reports, citing “three people with knowledge of the matter.”


William Turton for Bloomberg News:

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

The information obtained by the hackers using the forged legal requests has been used to enable harassment campaigns, according to one of the people familiar with the inquiry. The three people said it may be primarily used to facilitate financial fraud schemes. By knowing the victim’s information, the hackers could use it to assist in attempting to bypass account security.

Apple accepts legal requests for user data at an apple.com email address, “provided it is transmitted from the official email address of the requesting agency,” according to Apple’s legal guidelines.

Compromising the email domains of law enforcement around the world is in some cases relatively simple, as the login information for these accounts is available for sale on online criminal marketplaces.

MacDailyNews Take: Ay yi yi.

See also: Apple’s backdoor surveillance scheme remains delayed, not canceled – December 15, 2021


4 Comments

  1. “Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.””

    “emergency requests don’t require a court order.” Apple and Facebook provided confidential information in response to “emergency requests.”

    “The information obtained by the hackers using the forged legal requests has been used to enable harassment campaigns, according to one of the people familiar with the inquiry. The three people said it may be primarily used to facilitate financial fraud schemes. By knowing the victim’s information, the hackers could use it to assist in attempting to bypass account security.”

    Apple and Facebook with all their tech prowess, billions and trillions of dollars in income were DUPED by minors located in the U.K. and the U.S.?!? Seriously?

    Possibly my personal information is out there courtesy of Apple’s stupidity and reflexive knee-jerk reactions, gee, thanks…

        1. The Mac proves that users don’t need to accept the iOS app store monopoly markups to be secure.

          Apple doesn’t actually guarantee security or privacy, those are marketing hyperbole. Every user needs to be accountable for the devices they own. In a court of law, Apple would take that position.
