In mid-2021, Apple provided customer data to hackers after they masqueraded themselves as law enforcement officials, shows a new report by Bloomberg. According to people familiar with the matter, the company provided basic subscriber details due to forged “emergency data requests.”
The publication explains that “normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, such emergency requests don’t require a court order.”
Alongside Apple, Meta – Facebook’s parent company – also gave hackers users’ data. Snapchat also received a forged legal request from the same hackers, although it’s unclear whether the company provided information.
To Bloomberg, an Apple representative referred to a section of its law enforcement guidelines, instead of a formal comment.
The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request “may be contacted and asked to confirm to Apple that the emergency request was legitimate,” the Apple guideline states.
According to the publication, “hackers affiliated with a cybercrime group known as ‘Recursion Team’ are believed to be behind some of the forged legal requests.” Some of the hackers could be minors located in the UK and the US, according to cybersecurity researchers. In addition, one of them could be the mastermind behind the cybercrime group that hacked Microsoft, Samsung, and Nvidia.
Allison Nixon, chief research officer at the cyber firm Unit 221B, comes in defense of Apple and Facebook’s teams that handle law enforcement:
In every instance where these companies messed up, at the core of it there was a person trying to do the right thing. I can’t tell you how many times trust and safety teams have quietly saved lives because employees had the legal flexibility to rapidly respond to a tragic situation unfolding for a user.
Both companies publish data on their compliance with emergency data requests, Bloomberg notes. From July to December 2020, Apple received 1,162 emergency requests, and it had provided data response to 93% of those requests. Facebook, on the other hand, received 21,700 emergency requests from January to June 2021 and provided responses to 77% of the requests.
FTC: We use income earning auto affiliate links. More.