2 min read

Hackers Use Fake Emergency Requests to Steal Data from Apple, Meta and Others, Investigation Reveals

Silviu STAHIE

March 31, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hackers Use Fake Emergency Requests to Steal Data from Apple, Meta and Others, Investigation Reveals

Hackers tricked multiple large companies, including Apple, Meta and Discord, into turning over user data by complying with fake emergency data requests (EDR) seeming to come from official sources.

Companies that deal with private user information usually comply with law enforcement requests. There's often a warrant behind such requests, but there are exceptions, and criminals take advantage by tricking companies into thinking they are dealing with the police. It turns out that it's a much bigger problem than it appears.

Security journalist Brian Krebs was the first to report on this significant issue. He talked with various hackers who explained just how common these tactics are. One of them even explained how an EDR was sent to Discord to unveil details on an 18-year old person from Indiana.

Companies usually verify requests from law enforcement, but they don't have specific tools for it. Most of the time, employees see that the request comes from a valid domain and respond with the data within 30 minutes.

Unfortunately, hackers compromise legitimate law enforcement email accounts, which are then used to send these requests, making them look legit.

"While our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor," Discord told Krebs. "We have since conducted an investigation into this illegal activity and notified law enforcement about the compromised email account."

But Discord was not the only target. According to a Bloomberg investigation, both Apple and Meta and other companies have been targeted with such requests since early 2021. The EDRs arrive from compromised law enforcement accounts and are accompanied by forged signatures and real names. The investigation revealed that both Apple and Meta have complied with fake requests, although the companies aren’t commenting on it.

Incidents such as companies revealing personal information after complying with fake emergency requests are one of the reasons why people should be aware when their information leaks or lands on the darknet. A privacy-focused service that helps you take control and manage your digital self can help speed the recovery process and prevent any further financial damages. Bitdefender's Digital Identity Protection tool can help you manage your digital footprint and practice good cyber hygiene.

Subscribers receive real-time data breach notifications with easy-to-use one-click resolve items to shut down privacy threats alongside a complete mapping of their digital persona and even a way to sniff out any potential social media impersonators.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read