According to a media report, the companies Apple and Meta have passed on user data to hackers who had posed as law enforcement agencies. The Lapsus$ group may be involved.
Apple and the Facebook group Meta are said to have passed on user data to hackers, reports the US magazine “Bloomberg”. The attackers had compromised e-mail addresses from law enforcement agencies and thus made fake emergency requests to the companies. The published data were IP addresses, telephone numbers and home addresses of users, it is said.
The cases that have now become known came from the middle of last year and, according to security researcher Brian Krebs, are assigned to the Recursion Team hacker group. That describes cancer on his blog “Cancer on Security”. The group has since disbanded. But some members have found a job with the well-known hacker collective Lapsus$.
Inquiries were made for several months
It is not known how much data the hackers stole. Investigators told Bloomberg that the attackers “accessed law enforcement agency accounts in multiple countries and contacted many companies over several months beginning in January 2021.”
Law enforcement authorities may request user data from social networks during investigations in order to obtain information about the owner of a profile. These requests typically require a subpoena or search warrant. In the case of emergency requests, the companies are allowed to pass on the data without such judicial letters.
Hackers sell email credentials on the Internet
According to Brian Krebs, there is an increasing number of fake emergency requests that require hackers to gain access to a law enforcement agency’s email systems. According to him, hackers sell government e-mail accounts on the Internet.
According to “Bloomberg”, Meta and Apple are not the only companies affected by fake emergency requests. Accordingly, the Snapchat company Snap was also contacted with a fake request. However, it is not known whether the company has released user data.
–