Tech companies Apple and Meta, the parent company of Facebook, allegedly handed over customer data to hackers posing as law enforcement officers. This was reported by financial news agency Bloomberg on Wednesday, citing sources familiar with the matter. According to the latter, the data included addresses, telephone numbers and IP addresses. This would have happened during a fake emergency request for data. Unlike a normal information request, an emergency order does not require a document signed by a judge. Snap, the company behind Snapchat, also received a fake request from the same hackers. It’s unclear whether the company provided any data in response. It is also unclear how many times companies provided data in response to such bogus requests.
Cybersecurity researchers suspect several of the hackers are underage and are located in the UK and US. One of the miners is also the mastermind of the Lapsus$ hacker group, which has hacked Microsoft, Samsung and Nvidia, among others, the sources cited by Bloomberg said.
London police recently arrested seven people in connection with an ongoing investigation into Lapsus$.
In a reaction to Bloomberg, an Apple representative referenced the company’s guidelines for compliance with the law. The company, however, did not respond on the merits.
Meta, meanwhile, replied that it verifies the legality of each request for data. The company says it also uses sophisticated systems and processes to validate law enforcement requests and detect abuse.
The company says it works with law enforcement to respond to incidents related to suspected fraudulent claims, “as we did in this case.”
Law enforcement agencies around the world routinely request information regarding users of social media platforms as part of criminal investigations. In the United States, such requests generally require an order signed by a judge. Emergency applications, which are intended to be used in the event of imminent danger, do not, on the other hand, need to be signed by a judge.