Hackers pretending to be cops tricked Apple and Meta into handing over user data

Hacker using laptop
(Image credit: katleho Seisa/iStock)

Tech companies Apple and Meta gave sensitive customer data — including addresses, phone numbers, and IP addresses — to hackers posing as law enforcement officials, Bloomberg reported Wednesday.

To add insult to injury, some cybersecurity researchers believe that the hackers behind the fraudulent information requests are "minors located in the U.K. and U.S.," per Bloomberg.

Apple and Meta normally require law enforcement to submit a subpoena, court order, or search warrant to compel disclosure of user information, according to the companies' policies.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Federal law prohibits "electronic communication" companies from disclosing users' data and posts, but includes a number of carveouts. One of these allows for disclosure "to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." Even in such cases, however, disclosure is still voluntary.

According to Bloomberg, Apple's publicly available data show that the company complied with 93 percent of the 1,162 emergency law enforcement requests it received between July and Dec. 2020. Meta complied — at least partially — with 77 percent of the 21,700 requests it received between Jan. and June 2021.

"Dark web underground shops contain compromised email accounts of law enforcement agencies, which could be sold with the attached cookies and metadata for anywhere from $10 to $50," cybersecurity firm CEO Gene Yoo told Bloomberg.

Meta also made headlines Wednesday when The Washington Post revealed that the Facebook parent company had paid Republican consulting firm Targeted Victory to "turn the public against" competitor TikTok.

Explore More
Grayson Quay

Grayson Quay was the weekend editor at TheWeek.com. His writing has also been published in National Review, the Pittsburgh Post-GazetteModern AgeThe American ConservativeThe Spectator World, and other outlets. Grayson earned his M.A. from Georgetown University in 2019.