The American tech company Apple and Facebook parent company Meta accidentally provided customer data to hackers last year. The hackers pretended to be law enforcement officers and were able to obtain the user data through an emergency data request. Bloomberg reports this.
The hackers pretended to be law enforcement officers and were able to access Apple and Meta user data through forged emergency data requests. Such an emergency data request is normally used by, for example, the police in criminal investigations. An emergency request does not require the permission of a judge, because there is usually an acute threat. Normal requests are only issued with a search warrant or subpoena signed by a judge.
The hackers copied the emergency requests and sent them to various tech companies, including Apple and Meta. They also sent emergency requests to Snapchat, but the company did not respond. The falsified legal requests were likely sent via hacked email domains belonging to law enforcement agencies in multiple countries.
The hackers are said to have stolen addresses, phone numbers and IP addresses of customers of the tech companies.
Cybersecurity researchers say it is believed to be underage hackers from the United Kingdom and the United States. One of the hackers is said to be a 16-year-old boy from Oxford. He is also likely the mastermind behind hacking group Lapsu$.
This hacking group was responsible for several attacks on major tech companies such as NVIDIA, Microsoft , Okta and Samsung. Last week, seven people were arrested in London in connection with the investigation into the hacker group. This investigation is still ongoing.