Apple apparently passed some user data to a hacker group that forged legal requests for the information in a 2021 social engineering scam, Bloomberg reported, citing three sources familiar with the matter.
The hackers posed as law enforcement officers and convinced Apple employees to provide them with data such as customer addresses, phone numbers, and IP addresses after sending them fake "emergency data requests." Apple typically provides this information only in response to a search warrant or subpoena. However, this requirement does not apply to emergency requests, which are used in cases of immediate danger. Apple did not confirm that data was shared.
When asked for comment, an Apple representative referred Bloomberg News to a section of its law enforcement guidelines. The guidelines Apple cites state that a government or law enforcement supervisor who made the request "may be contacted and asked to confirm to Apple that the emergency request was legitimate."
In addition to Apple, Facebook is also said to have fallen for it
Facebook parent company Meta also provided data to the same hacking group. In a statement, Meta said it was working with law enforcement on the alleged fraudulent requests. The information obtained from Apple, Facebook and others was used for harassment campaigns and could be used for financial fraud attempts. The requests were sent from hacked email domains belonging to law enforcement officials from several countries and were designed to look legitimate with fake signatures from real or fictitious law enforcement officials.
Some of the hackers may still be minors
According to Bloomberg, a cybercrime group called "Recursion Team" is linked to some of the fake requests sent to various companies in 2021. Some of the hackers are believed to be minors and to be located in the United States and the United Kingdom. At least one of the minors was also involved in the Lapsus$ group, which attacked Microsoft, Samsung, and Nvidia. As The Verge reported today, Lapsus$ shared a post on Telegram claiming to have stolen 70 GB of data from the international software developer Globant. Screenshots of the stolen data show a folder called "apple-health-app." What this folder contains and whether it includes data originating from Apple is unclear. (Photo by Unsplash / Carles Rabada)




