A recent story by a credible source says, Apple, Facebook, and Discord handed customer data to hackers acting as law enforcement officials. The demands were allegedly fabricated to seem like valid legal requests and were allegedly sent from legitimate email accounts that had been “compromised.”
According to the source, Facebook and Apple both provided “basic subscriber details, such as a customer’s address, phone number and IP address.” Another reliable source states, Discord offered “the Internet address history of Discord accounts tied to a specific phone number.” The hackers also targeted Snap, although it’s unclear if the company provided the sought information.
The primary source says, it is normal for companies such as Apple and Facebook to pass over data to law authorities, and these companies have specific teams to respond to such demands. Normally, these demands are accompanied by a court order, but in “emergency” situations, such as when someone’s life is deemed to be in danger, law enforcement may obtain data without one.
In this case, the hackers used this technique to get access to personal information about specific targets in order to “facilitate financial fraud schemes.” They were able to trick the corporations into turning over the data by using stolen emails linked to actual law enforcement employees.
Meta spokesperson Andy Stone told Bloomberg that the business has procedures in place to check lawful requests and prevent misuse. “We block known compromised accounts from making requests and collaborate with law enforcement to respond to incidents involving suspected fraudulent requests, as we did in this case,” Stone explained.
Apple and Snap also cited business regulations, claiming that they had systems in place to validate the authenticity of requests for customer data. However, if the demands appear to be from real law enforcement authorities, these measures may fall short. According to Discord, as reported by Krebs on Security:
“We can confirm that Discord received requests from a legitimate law enforcement domain and acted in accordance with our policies.” We verify these requests by checking that they come from a genuine source, and did so in this instance. While our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor. We have since conducted an investigation into this illegal activity and notified law enforcement about the compromised email account.”
Surprisingly, security experts have apparently linked a few of those engaged in this operation to another high-profile hacking outfit, Lapsus$, whose members were accused of hacking Microsoft and Okta. According to the source, one of those engaged in fabricating the requests is also “the mastermind behind the cybercrime group Lapsus$.”
- Google Introduces AI Mode: A Game-Changer for Search - March 12, 2025
- Security Researchers Find DeepSeek Security Vulnerabilities - February 6, 2025
- Tech Giants Unite to Tackle Child Safety Online with ROOST - January 11, 2025
