Apple and Meta shared data with hackers pretending to be law enforcement officials

Illustration by Alex Castro / The Verge

Apple and Meta gave user data to hackers who faked emergency data request orders, according to a report. Both companies gave 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780 800-313-5780

Law enforcement officials can obtain information about the owner of a specific online account by requesting data from social platforms. Emergency data requests do not require a subpoena or search warrant and are intended for cases that involve life-threatening situations.

According to a recent report from Krebs on Security, fake emergency data requests are becoming more and more common. During an attack, the police department's email systems must be accessed. The emergency data request can be made by the hackers if they want to show the potential danger of not having the requested data sent over right away. According to Krebs, some hackers are selling access to government emails online in order to target social platforms with fake emergency data requests.

According to Krebs, the majority of bad actors carrying out these fake requests are actually teenagers, and that the teen mastermind behind the Lapsus$ hacking group could be involved in conducting this type of scam. Seven teens have been arrested in connection with the group.

The members of a cybercriminal group called Recursion Team may have been behind last year's string of attacks. Some of the group have joined Lapsus$ with different names. According to officials involved in the investigation, hackers accessed the accounts of law enforcement agencies in multiple countries and targeted many companies over the course of several months.

Andy Stone, Meta's policy and communications director, said in an email that they review every data request for legal sufficiency and use advanced systems and processes to detect abuse.

Apple directed The Verge to its law enforcement guidelines, which state: "If a government or law enforcement agency seeks customer data in response to an Emergency Government and Law Enforcement Information Request, a supervisor for the government or law enforcement agent."

Meta and Apple are not the only companies affected by fake emergency data requests. It's not clear if the company followed through on the forged request. Krebs on Security's report includes a confirmation that the platform gave away information in response to one of the fake requests. They didn't respond to requests for comment.