Apple and Facebook reportedly provided sensitive customer information to hackers who faked being law enforcement officials in 2021.
Facebook parent company Meta and Apple gave the hackers basic customer details — such as phone numbers, home addresses, and IP addresses — in response to forged “emergency data requests,” Bloomberg reported.
Typically, such data requests can only be granted through search warrants or subpoenas provided by a judge, but emergency requests don’t require a full court order.
The hackers who duped the companies are affiliated with cybercrime groups known as “Recursion Team,” who have a history of using fake legal requests to garner sensitive data, according to three people with knowledge of the matter who spoke with Bloomberg.
The fraudulent legal requests are believed to have been sent by the cybercriminals, who used hacked email domains belonging to law enforcement agencies in multiple countries to persuade the tech companies to provide them with customer data.
The size and scope of the customer data provided by the tech companies is not clear, nor is how often they have given data in response to fake legal requests.
Apple received 1,162 emergency data requests from 29 countries from July to December 2020, according to an annual report it publishes with details on its compliance with emergency data requests. Apple granted customer data in response to 93% of those requests, Bloomberg reported.
Meta said it received 21,700 such emergency data requests from January to June 2021 globally and that it granted some data in response to 77% of those requests.
Facebook claimed it had safeguards in place to detect fraudulent or fake requests from law enforcement.
“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” said Meta spokesman Andy Stone in a statement. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
An Apple representative sent Bloomberg a section of its law enforcement guidelines when asked for comment regarding the incident.
The Apple guidelines say the government or law enforcement official who submitted the data request “may be contacted and asked to confirm to Apple that the emergency request was legitimate.”