We are reader supported. External links may earn us a commission.

industry

Apple & Meta reportedly gave sensitive data to hackers pretending to be government officials

By Sanuj Bhatia March 31, 2022, 11:45 am
Facebook audio chat rooms pocketnow

Meta, the parent company of Facebook, and Apple reportedly gave away sensitive information to hackers who were pretending to be law enforcement officials. The data passed to hackers includes the user's address, phone number, and IP address, according to a report from Bloomberg. The data was shared multiple times with hackers in mid-2021 in response to the falsified emergency data requests.

How hackers gained access to the data?

In the modern-day world, every person uses at least some service from these big tech companies such as Google, Apple, and Facebook — even criminals. Law enforcement officials, in a bid to obtain some information about a culprit, often request these big tech companies to share data with them so as to help them with the case. While such requests require a subpoena or search warrant to be signed by a judge, emergency data requests don't.

POCKETNOW VIDEO OF THE DAY

Hackers took advantage of this loophole. The hackers first targeted the emails of the law enforcement officials. After gaining access to the email ID of the government officials, the hackers then submitted requests to these big tech companies in order to obtain sensitive information. While big tech companies generally verify these requests, in some cases slip-ups can happen, and thus data was shared with hackers.

According to a report from Krebs on Security, hackers selling government officials' email ID online is increasing day by day. The buyers are specifically looking for email IDs to target social platforms and extract sensitive information about users.

According to the report, Apple received 1,162 emergency data requests out of which Apple responded to 93% of the requests. On the other hand, Facebook received over 21,500 requests out of which 77% of the requests were answered.

Smartphone malware Source: Pexels

Who did this?

The question arises, who actually did this? The report from Krebs notes that the majority of such hackers are teenagers. Some are believed to be the masterminds behind the group Lapsus$ — the same group which targeted NVIDIA, Samsung, and Microsoft. Though such attacks are believed to be carried out by a cybercriminal team called the Recursion Team.

The Recursion Team has since dissolved and it is believed that some of the hackers have joined Lapsus$. The report notes that hackers repeatedly targeted these companies and extracted sensitive information for over seven months starting in January 2021.

What do Apple and Meta have to say about this situation?

In a statement to The Verge, Meta's spokesperson said that the company reviews "every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse. We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case."

On the other hand, Apple's spokesperson said:

"If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate."

Is there anything that can be done about the situation?

Gene Yoo, chief executive officer of the cybersecurity firm Resecurity, says that it's very difficult to find a simple solution for this. There is no centralized portal to submit such requests as every agency has different ways of handling data. The report from Bloomberg cites that ' Fulfilling the legal requests can be complicated because there are tens of thousands of different law enforcement agencies, from small police departments to federal agencies, around the world. Different jurisdictions have varying laws concerning the request and release of user data.'

Until a solution is found, companies and law enforcement should collectively take up responsibility for such incidents, and let the users know that their data has been compromised so there is no damaging effect of the data that the hackers have gained. Though data leaked this time only includes, the user's address, phone number, and IP address, it shows that hackers can easily gain access to a lot of data. The big tech companies and governments around the need to come up with a solution because a lot of data is at stake.

Search

Latest Articles

iOS

Here's how the Apple iPod changed the world in 21 years

iPod was an industry-changing device at its time, and it had a massive impact on modern smartphones, and the way we listen to music. We take a last look at the now-discontinued Apple iPod and the history it leaves behind.

By Roland Udvarlaki May 11, 2022, 10:00 am
iOS

How to use Mic Modes in VOIP and FaceTime Calls

This guide will go over the steps you need to follow to activate one of the available Mic Mode settings on Apple Devices to begin using the feature and improve your calling experience.

By Aryan Suren May 10, 2022, 10:00 am
Phones

This iPhone 14 feature might urge users to upgrade

Until now, it appeared that iPhone 14 would only be a minor upgrade over the iPhone 13 series. However, a new leak suggests that the iPhone 14 will come with one feature that might urge users to upgrade.

By Sanuj Bhatia May 9, 2022, 5:00 am