Apple and Meta were duped by the hackers

Apple and Meta were duped by the hackers

Safety
Deceived by hackers who falsified law enforcement requests, Apple and Meta shared their users’ data.

2021 was by no means a good year on the security front for Apple and Meta. The two companies, in fact, were misled by a very skilled group of hackers who managed to steal the personal information of their users from the two giants. The attackers have falsified the data request orders for emergency situations sent to the police, enabling the companies to spontaneously and unknowingly send everything to them.
Apple and Meta victims of hackers
The facts were disclosed by Bloomberg’s editorial staff, by sharing a specific report from which we learn that the events would have taken place in the middle of last year, after Apple and Meta considered the requests received to be authentic, and that the Stolen user data would include IP addresses, telephone numbers and residential addresses.

For the moment, it is not yet clear which hackers, exactly, are behind the work in question, but the first hypotheses refer to a group of criminals called the Recursion Team, which would then dissolve and part of the members would have joined with the Lapsus $ collective that has often been mentioned in recent times.
What is certain, however, is that the group’s actions have targeted law enforcement accounts in numerous countries (however, a detailed list is not available) and that in addition to Apple and Meta, Discord and Snap would also have been contacted.

What happened was also investigated by the well-known security researcher Brian Krebs, who points out that false emergency requests have unfortunately become very common. Hackers who choose to adopt this practice must first be able to access the e-mail system of a police department, in order to be able to forge an emergency request that describes the potential danger if the requested data is not provided in a timely manner.
When asked about the incident, Apple stated that when it receives an emergency request for information, it can contact the agent or the government manager who sent it to verify its legitimacy, while Meta makes it known to examine each request for data to verify its legality. and that uses advanced systems and processes to validate law enforcement requests and detect abuse. However, it is clear that in both cases the measures have proved insufficient.
Source: The Verge
• Shameful, it is never possible that our identities after we do everything to safeguard ourselves these idiots at the first knock on the door open their legs to the first comer! They should also be legally prosecuted for keeping silent about something so serious.
Antonello
31 March

deceived