Hackers tricked Apple and Meta with bogus legal requests. You are at risk

You’d think the titans of Big Tech would run backup checks on anyone demanding personal user data. But last year we learned how easy it is to terrify a company. A gang of mysterious hackers forged legal requests to trick Google and Meta into sharing user addresses, phone numbers and more.

Worse, it may have been child’s play: Some experts suspect a gang of teens is behind the massive data breach. The teens reportedly pretended to be law enforcement officers and made false legal requests. Tap or click here for a surprising trick to spot counterfeiting.

It’s pretty standard for law enforcement to ask tech companies for user information. But it’s rare for companies to fall for fake requests, hook, line and sinker. Here’s how the hackers did the scam and what to do if you have collateral damage.

All data breaches are big deals, but this one is especially tricky

So far, the hackers have used the information they stole to run intimidation campaigns, Bloomberg reports:† They can use the information to take over accounts or cause financial fraud.

Don’t think this is an isolated incident. The attacks on Meta and Apple are part of a campaign targeting Big Tech companies.

Your daily dose of tech smarts

Learn the tech tips and tricks only the pros know.

Bloomberg speculates that the hackers roamed email inboxes after breaking into law enforcement email systems. That’s when the hackers may have discovered official requests for emergency data.

They may have used these requests as templates for their forged legal requests. (Remember, we’re not sure how it happened; this is all speculation.) Tap or click here to prevent a phishing attack that would allow hackers to read and send emails from your account.

Ever heard of an emergency data request? Here’s a quick overview

When police investigate crimes, they often turn to technology for answers. They will ask social media platforms to help by sending an official court order or subpoena. In other words, a judge must sign the petition.

The rules are slightly different when we talk about emergency data requests. In these cases, time is of the essence, so the rules are a bit looser. Officials don’t have to wait for a judge’s approval before filing the request. Usually officers send them out in high-stakes situations, such as when someone is in danger.

So when the hackers sent these requests, Facebook and Meta officials thought they were doing the right thing. They shared user data to help agents, but ended up contributing to harassment campaigns.

The Aftermath of the Teens’ False Legal Requests

British police have made several arrests in recent weeks. According to authorities, the hacking group Lapsus$ may be behind the attack. This group has attacked many tech giants from Samsung and Nvidia to Okta and Microsoft.

In late March, British authorities arrested seven people on suspicion of connections to the group. They are now investigating a 16-year-old from Oxford, UK, according to WePC.com† They suspect a teenager could be the mastermind behind the surgery.

How does this affect you?

It’s easy to be insensitive when it comes to data breaches. But you have to be alert, because complacency can put you at a considerable disadvantage.

Think of it this way: With every data breach you are a part of, some information is leaked. These data points are like puzzle pieces. As more and more companies are breached, more puzzle pieces are exposed to the public.

Hackers can put all those pieces together if you don’t protect yourself. Then they can turn around and use that informational puzzle to impersonate you. Since data breaches can lead to identity theft, you should be wary.

A thief who steals your private information can take over your bank accounts and even commit crimes in your name. Tap or click here for free identity theft protection. Check out the guides below for a few more ways to protect yourself.

read more

Part of a data breach? These are the steps you should take right away

This way your stolen data can be used after a breach


Your daily dose of tech smarts

Learn the tech tips and tricks only the pros know.

Change These 10 Facebook Security Settings To Improve Privacy

Leave a Reply

Your email address will not be published.