Apple, Meta Tricked into Giving Customer Data to Hackers Using Forged Legal Requests: Report

Meta and Apple reportedly provided customer data to hackers known as ‘Recursion Team’ masquerading as law enforcement.

Apple and Facebook parent company Meta may have handed over private customer information including addresses, phone numbers, and IP addresses last year in response to hackers who presented forged legal documents, a Bloomberg report says.

According to the report, cybercriminals used hacked domains belonging to multiple law enforcement agencies to make bogus “emergency requests” for certain users’ information. The companies then handed over basic data such as phone numbers, home addresses and IP addresses. Hackers could then use that data to unleash harassment campaigns or to attempt financial fraud schemes.

While not specifically stating whether they handed over user data, Apple and Meta both pointed to their processes for dealing with emergency government requests.

“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Meta spokesperson Andy Stone said in an emailed statement. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

Apple pointed to its Law Enforcement Guidelines, Section II E, paragraph 3 of which says:

“If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Very little information is available on Recursion Team, but it’s believed that one of the members could be the founder of Lapsus$, the group that managed to hack tech giants like Microsoft, Nvidia, and Samsung. Cybersecurity experts believe they are based in the United States and the United Kingdom, but so far no solid proof of this has been found.

In addition to Meta and Apple, Snap also appears to have been targeted with similar requests from hackers, but at this point it’s not known whether the company shared any information.