Tech companies Apple and Meta gave sensitive customer data — including addresses, phone numbers, and IP addresses — to hackers posing as law enforcement officials, Bloomberg reported Wednesday.
To add insult to injury, some cybersecurity researchers believe that the hackers behind the fraudulent information requests are "minors located in the U.K. and U.S.," per Bloomberg.
Apple and Meta normally require law enforcement to submit a subpoena, court order, or search warrant to compel disclosure of user information, according to the companies' policies.
Federal law prohibits "electronic communication" companies from disclosing users' data and posts, but includes a number of carveouts. One of these allows for disclosure "to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." Even in such cases, however, disclosure is still voluntary.
According to Bloomberg, Apple's publicly available data show that the company complied with 93 percent of the 1,162 emergency law enforcement requests it received between July and Dec. 2020. Meta complied — at least partially — with 77 percent of the 21,700 requests it received between Jan. and June 2021.
"Dark web underground shops contain compromised email accounts of law enforcement agencies, which could be sold with the attached cookies and metadata for anywhere from $10 to $50," cybersecurity firm CEO Gene Yoo told Bloomberg.
Meta also made headlines Wednesday when The Washington Post revealed that the Facebook parent company had paid Republican consulting firm Targeted Victory to "turn the public against" competitor TikTok.