LONDON: Reports revealed on Thursday that Facebook’s parent Meta, as well as Apple Inc., provided customer data to hackers who masqueraded as law enforcement officials in mid-2021.
The tech companies provided basic subscriber details, such as customer addresses, phone numbers and IP addresses to hackers in response to forged “emergency data requests.”
In some instances, the documents included forged signatures of real or fictional law enforcement officers.
Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the reports. However, emergency requests do not require a court order.
“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Meta spokesman Andy Stone said in a statement.
“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
Cybersecurity researchers suspect that some of the hackers who sent the forged requests were minors located in the UK and the US. One is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp.
Meta and Apple were not the only known companies affected by fake emergency data requests. Reports indicated that hackers also contacted Snap Inc. with forged requests, but it is unclear if the company responded.
Apple and Meta both publish data on their compliance with emergency data requests. From July to December 2020, Apple received 1,162 emergency requests from 29 countries. According to its report, Apple provided data in response to 93 percent of those requests.
Meanwhile, Meta said it received 21,700 emergency requests from January to June 2021 globally, providing some data in response to 77 percent of cases.