Apple and Meta tricked into giving away customer data – Reuters

The tech giants allegedly provided data to hackers pretending to be law enforcement.

Apple and Meta, the parent company of Facebook, were tricked into handing over customer data to hackers posing as law enforcement officers and using fake “emergency data requests”, Bloomberg revealed on Wednesday, citing three sources familiar with the matter. The fraudulently obtained information is said to include users’ phone numbers, IP addresses, and even physical addresses.

The hackers also tried to trick Snap, Snapchat’s parent company, into handing over the same data, but it’s unclear if they were successful. The sources declined to say how many times the social media platforms in question were persuaded to provide information in response to fraudulent requests.

While this information is typically only provided in response to a subpoena or search warrant, both of which would require a judge’s signature, so-called “emergency requests” require no such thing, making it surprisingly easy for hackers. In fact, cybersecurity researchers investigating the case believe that at least some of the hackers in question are minors operating from the US and UK.

According to Bloomberg sources, at least one of the minors is believed to be the boss of Lapsus$, a cybercrime ring that previously hacked into Microsoft, Samsung and Nvidia. City of London Police have arrested seven people in connection with the Lapsus$ investigation.

In trying to explain its eagerness to fork over customer data, Apple referred Bloomberg to a section of its compliance guidelines, which states: “The government supervisor or law enforcement official who submitted the request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Meta insisted that it reviews all data requests for “legal sufficiency” and claimed to use “advanced systems and processes to validate law enforcement requests and detect abuse.”

According to spokesman Andy Stone, the company is also blocking “compromised accounts known to have made requests” and works with law enforcement to respond to “incidents of alleged fraudulent claims, like we did in this case.”

Snap declined to comment beyond a statement that the company has security measures in place to block fraudulent data requests.

Social media companies are ultimately the victims of law enforcement’s thirst for data, given the frequency with which these agencies request information from online platforms. Apple provides data in response to 93% of emergency requests, while Meta responds with data to 77%.

This particular scam began around January 2021, two of the sources claimed, explaining that the hackers were targeting tech companies through hacked email domains belonging to law enforcement agencies located in various countries, spoofed in an effort to make them look legitimate. Sometimes they even included real stolen signatures, which can be had on dark web markets for as little as $10, according to Gene Yoo of cybersecurity firm Resecurity.

Dennis Alvarado
