Apple apparently passed some user data to a hacker group that forged legal requests for the information in a 2021 social engineering scam, Bloomberg reported, citing three sources familiar with the matter.
The hackers posed as law enforcement officials and convinced Apple employees to provide them with data such as customer addresses, phone numbers and IP addresses after sending fake “emergency data requests.” Apple usually provides this information only in response to a search warrant or a subpoena. That requirement does not apply to emergency requests, which are used in cases of immediate danger. Apple did not confirm that data was shared and, in response to Bloomberg's request for information, referred to its law enforcement guidelines.
When asked for comment, an Apple representative referred Bloomberg News to a section of the law enforcement guidelines. That section states that a government or law enforcement supervisor who made the request "may be contacted and asked to confirm to Apple that the emergency request was legitimate."
In addition to Apple, Facebook is also said to have fallen for it
Facebook parent company Meta also provided data to the same hacking group. In a statement, Meta said it was working with law enforcement on the alleged fraudulent requests. The information obtained from Apple, Facebook and others was used for harassment campaigns and could be used for financial fraud attempts. The requests were sent from hacked email domains belonging to law enforcement officials from several countries and were designed to look legitimate with fake signatures from real or fictitious law enforcement officials.
Some of the hackers may still be minors
According to Bloomberg, a cybercrime group called the “Recursion Team” is linked to some of the fake requests sent to various companies in 2021. Some of the hackers are believed to be minors and located in the United States and the United Kingdom. At least one of the minors was also involved in the Lapsus$ group that attacked Microsoft, Samsung and Nvidia. As The Verge reported today, Lapsus$ shared a post on Telegram claiming to have stolen 70 GB of data from international software developer Globant. Screenshots of the stolen data show a folder called "apple-health-app". What is in this folder and whether it contains data originating from Apple is unclear.