Apple turned over data to hackers posing as law enforcement

On 30/03/2022, reports emerged that Apple Inc. and Meta had provided limited customer data to hackers who posed as law enforcement officials using forged emergency data requests. According to coverage of the incident, the attackers gained access to legitimate email domains associated with law enforcement agencies in multiple countries and used those accounts to send urgent requests for user information. Emergency data requests are typically used in life threatening situations and do not require a judge’s signature, allowing companies to respond quickly when immediate disclosure is requested. The reports stated that Apple provided basic subscriber information in response to some of these forged requests, including IP addresses, phone numbers, and home addresses. No content such as photos or messages was reported to have been shared. The fraudulent requests were sent during 2021, and the incident came to light in March 2022 after cybersecurity researchers identified the tactic. Apple and Meta were among several technology companies that received the requests. The companies later reviewed procedures for verifying emergency disclosure requests following the incident. Cybersecurity researchers linked the activity to young hackers in the United States and United Kingdom, including individuals associated with groups known as Recursion Team and Lapsus$. The attackers reportedly used compromised law enforcement email systems to make the requests appear legitimate. The number of affected users was not publicly disclosed. Apple’s transparency reporting indicated that historically the company complied with a high percentage of valid emergency requests, which contributed to the effectiveness of the impersonation tactic used by the attackers.