Apple and Facebook (now the holding company Meta), two of the most relevant technology companies on the planet, willingly sent private data to hackers. Amazing.
They did it because they thought they were police.
They were sent physical and IP addresses and phone numbers of an unspecified number of people, which may have numbered in the tens of thousands, according to a report from Bloomberg.
The two companies were misled in June last year when employees responsible for information security believed that an “emergency data request” sent by criminals was true.
The request or request for emergency data, which for its acronym in English is called EDR, is a legal procedure that is often used by the United States police to obtain information quickly in some investigations.
Without judicial orders: the data direct to the hackers
This kind of official request does not require judicial orders or major bureaucratic steps, since it is understood that they are of an urgent nature.
They are carried out very sporadically and, in most cases, only in cases where someone’s life is at risk.
Apple, Facebook or the company that receives the order must comply, but after verifying that it is real.
This verification, this time, seems not to have worked.
According to what Bloomberg was able to investigate, the hackers sent the fake EDR request using email addresses of real police officers.
They falsified, among other things, the signature of the uniformed men, after hacking the Police computer system, something that, apparently, was simple.
Hackers had tried to steal data from Snap
It would not be the first time that this strategy has been used to obtain user data from one of the major technology platforms.
According to the same US media, the EDR forgery began at the end of 2020 and companies such as Snap Inc.
Although in that case the attempt would have been unsuccessful since they would have been warned before sharing the data with the pirates.
The information from Bloomberg says that the attack would have been organized by the criminal group called ‘Recursion Team’, made up of teenagers from the US and UK.
Several of the members would now be part of another group, LAPSUS$, the “Latin American” organization that perpetrated hacks on Nvidia, Microsoft, Samsung and Mercado Libre.
Read more:
They have never stolen so many cryptocurrencies: US $ 615 million disappears in “Axie Infinity”
Toyota reactivates its plants in Japan after the cyberattack that affected 13 thousand cars
New criminal strategy: how they empty bank accounts with Quick Support and BBVA Send