Once Facebook and other Meta apps used to be safest for users to socialize with others. However, for a few years, Facebook Data privacy has altered in a way to jeopardize the user’s personal information. In mid-2021, some hackers pretended to be law enforcement officials. They demanded details from Apple and Meta apps under ’emergency data requests’ and the companies provided them with the details.
Whose Behind these Forged Emails?
Researchers have speculated that Lapsus$ is behind this hacking campaign. Lapsus$ has had a record of violating with Microsoft, Samsung, Okta, and Nvidia. Researchers suspect that there are minors based in UK and USA. It is still unknown the purpose of these hackers to ask for this information. Maybe the mastermind behind this act is one of the minors from Lapsus$.
Along with Lapsus$, ‘Recursion Team’, another hacktivist group could be behind sending these forged legal requests. In these requests, they demand the personal information of users. Researchers believe that the member of this team is working under disguise or with Lapsus$ to crack Apple and Facebook data privacy. It is so because Recursion Team is no longer active.
How Did They Distort Apple and Facebook Data Privacy?
Since the hackers pretended to be law enforcement officials who required no legal court orders and tricked Apple and Meta companies to release information about users. The information included users’ addresses, contact details, and IP addresses. This did not only happen to Facebook and Apple but with other companies too. Snap. Inc and Discord also got these forged email requests. Snap. Inc has a strong privacy policy to releasing any information. Thus, did not comment on the incident.
Response From Companies
However, Discord did respond to this incident. The representative stated, “We verify these requests by checking that they come from a genuine source and did so in this instance. While our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor. We have since conducted an investigation into this illegal activity and notified law enforcement about the compromised email account.”
The Apple representative stated about the incident, “A supervisor for the government or law enforcement agent who submitted the request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”
Meta representative commented, “We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse. We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
Meta also updated about this incident on its official website. The update included, “In emergencies, law enforcement may submit requests without legal process. Based on the circumstances, we may voluntarily disclose information to law enforcement where we have a good-faith reason to believe that the matter involves imminent risk of serious physical injury or death.”
Meta is currently collaborating with law enforcement agencies to safeguard the rights and privacy policy of the company.