Warning after Apple and Facebook ‘tricked by child hackers posing as police into giving away private user info’

HACKING has quite literally become child’s play.

Facebook owner Meta and Apple were reportedly duped into handing out private user data by cyber crooks who pretended to be the police.

2

2

And experts suspect those behind it might be naughty kids.

The group managed to get hold of basic details, such as a customer’s address, phone number and IP address, Bloomberg reports.

They apparently pulled it off by submitting fake emergency data requests.

With so many of us online, law enforcement regularly ask tech giants for details relevant to their investigations.

A search warrant or judge-signed subpoena is normally needed to get hold of information.

But in an urgent life or death situation, police can put in an emergency request that doesn’t require a sign off before.

The gaffe is thought to have happened in mid-2021 – though it’s not clear how many times they provided data.

Snapchat‘s owner is also believed to have received similar forged requests but it’s not known whether they fell for the ruse as well.

Cybersecurity experts think that it could be young people behind the attack, located in the UK and US.

One is suspected to be part of the Lapsus$ hacking group, which has targeted the likes of Microsoft, Samsung, Nvidia, and Ubisoft.

Seven people between the ages of 16 and 21 were arrested last week by City of London Police in connection with an investigation into Lapsus$.

Trick is ‘increasingly common’

According to Krebs on Security, the trick on Apple and Meta is increasingly common.

Typically, the bad actor has to get into the police’s email system to pose as an official law enforcement rep.

Some of the fakes sent out to Apple and Meta are thought to have included forged signatures of real and made up cops.

Apple’s guidelines state that a police officer “may be contacted and asked to confirm to Apple that the emergency request was legitimate”.

Meta spokesperson Andy Stone said: “We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.

“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]