Apple and Meta mistakenly passed on user data to the scammers: the Bloomberg investigation
Apple and Meta – the latter owned by Facebook and Instagram – trusted the fraudsters who pretended to be law enforcement and passed on user data. And although the former denies everything, Bloomberg has evidence.
According to the agency, in January 2021, fraudsters launched a multi-month campaign targeting various technology corporations. The incidents reported by Bloomberg took place in the middle of the year.
Apple and Meta provided addresses, phone numbers and IP addresses in response to bogus “emergency requests”. Such data usually requires a court decision or a signed warrant, but for emergency requests, under US law, they are not required, as such cases require a very rapid response.
Letters of inquiry sent from compromised e-mail boxes to law enforcement agencies around the world. Simply put, they were hacked by hackers. Three Bloomberg sources said at once that in some cases the requests contained fake signatures of real or fictitious law enforcement officers.
In companies, of course, everything denied.
- An Apple spokesman referred Bloomberg to a section of his law enforcement instructions.
- They say that a law enforcement officer who made an emergency request “can be contacted and asked to confirm that Apple was legitimate.”
- Meta spokesman Andy Stone said the company checks every data request and uses systems to detect abuse.
We are blocking compromised accounts and cooperating with law enforcement agencies, – he said.
- Snap, which owns Snapchat, also received a fake request. It is unknown whether she passed on user data, as she did not comment on the case. A Snap spokesman said the company had precautions to detect fraudulent law enforcement inquiries.
- Krebs on Security also reported a similar case. Hackers forged a request for emergency data to obtain information from the Discord platform. In a statement, Bloomberg Discord confirmed that it also complied with a forged legal request.
Hackers can use the information obtained to harass and financial fraud. According to sources, behind some fake legal inquiries sent to companies during 2021, there are hackers from the group Recursion. Today, it is no longer active, but many of its members continue to carry out attacks under different names.
It is unclear how many times companies have provided data based on forged legal requests. And it is not at all clear how many more such companies have fallen into the trap of fraudsters.