Apple and Meta handed over sensitive data straight to hackers

Tech giants fell for fake EDR request scam last year

Some of the victims of a new scam where threat actors impersonated police to steal sensitive data from tech companies’ endpoints have been revealed, and they’re big news.

A Bloomberg report claims that both Meta (Facebook’s parent company) and Apple fell for the trick, with the two companies reportedly sharing user IP addresses, phone numbers, and home addresses with the fraudsters.

Besides Meta and Apple, a number of other major tech companies have reportedly been targeted, including Snap and Discord, although it’s unclear whether or not these companies fell for the scam.

Snap and Discord targeted

Commenting on the news, Meta’s policy and communications director, Andy Stone, told The Verge that the company reviews every data request for legal sufficiency and uses “advanced systems and processes” to validate law enforcement requests and detect abuse.

“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case,” he said in a statement.

“This tactic poses a significant threat across the tech industry,” Peter Day, Discord’s group manager for corporate communications, said. “We are continuously investing in our Trust & Safety capabilities to address emerging issues like this one.”

In the original report from KrebsOnSecurity, it was said that a group of threat actors, possibly the same people that later formed Lapsus$, managed to compromise email accounts from law enforcement agencies, most likely via phishing or viruses.

They then used those emails to reach out to large companies with an EDR - Emergency Data Request. Law enforcement agencies reach out to companies all the time, with the request to provide data on users and customers. These requests, however, need to be in compliance with certain regulations and usually take a little time to be processed.

EDRs, however, bypass all of that, as they’re used in a matter of life and death (or serious injury). By playing the EDR card, threat actors force businesses to either risk someone’s life by taking their time to confirm the sender’s identity, or risk leaking data, by hurrying to share it without double-checking who the sender is.

Via: The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
