According to a new report, a group of hackers posing as law enforcement officials obtained customer data from Apple and Meta, the parent company of Facebook. The criminals were able to collect the physical addresses, phone numbers, and IP addresses of their victims using Emergency Data Requests.
According to three people with knowledge of the situation, forged Emergency Data Request (EDR) forms were used to contact Apple and Meta.
Unlike standard data requests that require a court order or a warrant, EDRs can be used without a court order in situations where there is an immediate danger. According to the report, the stolen information has been used to perpetrate fraud, gain access to accounts, and facilitate harassment.
Although Snap Inc. received one of the fake legal requests, it isn’t clear whether the company also provided hackers with sensitive information.
Cybersecurity experts believe that some of those who sent the forged requests were minors from the United States and the United Kingdom, one of whom is said to be the mastermind behind the notorious Lapsus$ group. Recently, a teenager was identified as one of the seven people later arrested.
Apple’s guidelines say that “Every data request is reviewed for legal sufficiency and uses advanced systems and processes to validate government requests and detect abuse,” and that the company may contact the supervisor of a law enforcement official to verify whether or not a request is legitimate. Snap says it also has safeguards in place to detect fraudulent requests.
A group known as the Recursion Team is believed to be behind the forged requests, which were part of a months-long campaign targeting several tech companies. Although the group is no longer active, former members have formed other groups, including Lapsus$.
The requests appeared genuine because the hackers broke into the email systems of law enforcement to steal document templates and forge signatures of real or imaginary officers. According to Krebs on Security, Discord received one of the requests from the group. However, “while the verification process confirmed that the law enforcement account itself was legitimate, we later discovered that it had been compromised by a malicious actor,” says the company.