Last year, a lot of user data was stolen from Apple and Meta by criminals using fake law enforcement subpoenas. The data requests were submitted to the tech companies using hacked police email accounts.
The two tech giants were tricked into handing over an unknown amount of subscriber details, including home addresses, email addresses, and telephone numbers. At least one similar request was received by the company that ownsSnapchat, but it hasn't said whether the data was turned over.
It's not clear how many fake requests were directed to Apple and how much data was turned over. We reached out to both companies and will update this story if they respond.
Meta uses advanced systems and processes to detect abuse and review every data request for legal sufficiency, according to Andy Stone.
A representative of the company couldn't confirm or deny whether data had been turned over, but told Gizmodo that the company had safety guards that were designed to be used for fraudulent law enforcement requests.
On Tuesday, Brian Krebs broke the news about the new trend of police email systems being used to submit fraudulent data requests to tech companies. In time-sensitive, life or death situations, such requests do not require a court order. Unlike other subpoenas, the companies are more willing to turn over data quickly if the request comes from a good law enforcement agency. Unfortunately, police email login credentials can be purchased on the dark web, making this practice not a huge stretch for a trained cybercriminal.
At least one instance of this happening occurred when hackers convinced chat platform Discord to turn over subscriber data on an 18-year-old user from Indiana. The data was mistakenly given to a malicious actor using a cop's compromised email account.
A hacker source told Krebs that criminals will use the stolen data to commit crimes, such as stalking, hacking, harassing and publicly humiliating their victims.
All Rights Reserved © 2024
