Bloomberg: Apple, Facebook and Discord passed user data to hackers posing as law enforcement officials
Hackers used “compromised” email accounts and, posing as law enforcement officials, obtained people’s personal data (the exact number is unknown). According to Bloomberg, both Facebook and Apple provided “basic subscriber data, such as the client’s address, phone number, and IP address.” Discord provided a “history of internet addresses of Discord accounts linked to a specific phone number.” The hackers tried the same thing with Snap, but it’s unclear whether they got the users’ personal data.
Companies like Apple and Facebook often share data with law enforcement agencies, and these companies have dedicated teams to respond to such requests. Usually, such requests are accompanied by a court order, but there are also “emergency” cases (emergency data requests, or EDRs) in which law enforcement agencies request data without one, for example, when someone’s life is in danger.
In this case, hackers used this tactic to gain access to personal information about specific targets in order to “facilitate financial fraud schemes.” They successfully tricked companies into passing on data.
Andy Stone, a spokesman for Meta (Facebook’s parent company), told Bloomberg that the company has security measures in place to verify legal requests and detect abuse.
“We block known compromised accounts from sending requests and work with law enforcement agencies to respond to incidents related to alleged fraudulent requests, as we did in this case,” he said.
Apple and Snap also pointed to their own guidelines, saying they have policies in place to verify the legality of user data requests.
“We can confirm that Discord has received requests from a legitimate law enforcement domain and executed requests in accordance with our policies. We check these requests to see if they come from a genuine source, which we did in this case. Although our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it was compromised by an attacker. Since then, we have conducted an investigation into this illegal activity and notified law enforcement of the compromised email account,” the company said.
Security researchers have linked some people involved in the scheme to the well-known hacker group LAPSUS$, whose members allegedly hacked Microsoft, Okta, NVIDIA, and Vodafone.