Apple and Facebook-parent Meta were both tricked last year into handing over user data to hackers, after the cybercriminals posed as law enforcement and demanded the information via false “emergency data requests,” according to a new report.
Bloomberg, citing three people familiar with the matter, reported Thursday that the tech giants handed over subscriber details such as customers’ home addresses and phone numbers to imposters who forged the legal requests and submitted them sometime in mid-2021.
It is unclear how much information was turned over.
Apple declined to comment but pointed to its Law Enforcement Guidelines, which state that “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”
Meta did not respond to FOX Business’ request for comment on the matter.
Cybersecurity blog Krebs on Security explained the new hacking method in detail in a blog post earlier this week, noting that law enforcement officials typically have to present tech firms with a court-ordered warrant or subpoena when requesting user information. But emergency data requests, or EDRs, are used in urgent cases that can be a matter of life or death, and they often do not require court orders.
Hackers have figured that out and are trying to exploit the streamlined system, which puts companies like Apple and Meta in a tough predicament.
“Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately,” Krebs explained. “In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person.”