Apple and Meta Gave User Data to Hackers Posing as Police | WIRED

Apple and Meta Gave User Data to Hackers Posing as Police | WIRED: Apple and Meta Gave What to Whom? In one of the more creative ploys we've seen recently, hackers reportedly duped Apple and Meta into handing over sensitive user data, including names, phone numbers, and IP addresses, Bloomberg reports. The hackers did so by exploiting so-called emergency data requests (EDRs), which police use to access data when someone is potentially in immediate danger, such as an abducted child, and which do not require a judge's signature. Civil liberty watchdogs have long criticized EDRs are ripe for abuse by law enforcement, but this is the first we've heard of hackers using the data-privacy loophole to steal people's data. According to security journalist Brian Krebs, the hackers gained access to police systems to send the fraudulent EDRs, which, because of their urgent nature, are allegedly difficult for tech companies to verify. (Both Apple and Meta told Bloomberg they have systems in place to validate requests from police.) Adding another layer to the saga: Some of the hackers involved in these scams were later part of the Lapsus$ group, both Bloomberg and Krebs reported, which is in the news again this week for entirely other reasons.