According to Bloomberg, in the middle of 2021 Apple, Meta and Discord staff sent hackers their clients’ data
08.04.2022Back to news
Hackers managed to obtain user data from companies such as Apple, Meta and Discord. Intruders impersonated themselves as law enforcement officers, and got access to users’ addresses, phone numbers and IP-adresses.
Companies’ employees sent such information, as users addresses, phone-numbers and IP-adresses. This incident happened because hackers impersonated themselves as law enforcement officers and sent "emergency data requests". It should be noted, that in case with "emergency data requests", no special court statement is required.
It’s still unclear, how many times the data was sent in reply to unverified request. However, overall, from July to December 2020 Apple received 1162 emergency data requests from 29 countries, and sent data in reply to 93% of these requests. Meta received 21700 emergency data requests from January to June 2021 and sent some data in reply to 77% of requests. Snap also received such requests, but it’s also still unclear, if Snap’s employees have sent any data in reply.
Apple representative appealed to the section of enforcement guidelines, which tells, that company is able to get in contact with law enforcement officer, who sent the request, in order to verify it’s compliance with law. In turn, Meta representative Andy Stone declared, that each data request is checked and that company uses special systems in order to detect malversation. Snap’s representative also declared, that company has tools, which can identify fraudulent requests.
At the same time, sources claim that hackers use the received information for harassment and financial fraud. In some cases, hackers’ requests included fake signatures of real officers, while in some other cases hackers used real requests as pattern for fake one.
Earlier, execution of fake request was confirmed by Discord. Despite that account was checked, and it was legal, in the end it turned out that it was compromised by an intruder. Company held an investigation and acknowledged law enforcement that their account had been hacked.