Several recent attacks on tech giants show how criminals are increasingly seeking to extract sensitive information from companies, and they use a variety of approaches to do so.
According to Bloomberg, hackers managed to obtain data on Apple, Facebook and Google users using a rather unusual strategy. They posed as FBI agents and sent these companies requests that appeared to be authentic, and the companies handed over the information thinking it was a legitimate demand.
The requests allegedly came from real email accounts that were compromised in another hack.
According to the website, Facebook and Apple provided “basic user details such as address, phone number and IP”. Discord provided the “history of internet addresses of Discord accounts linked to a specific phone number”.
There are reports that hackers have also contacted Snap, but it is still unclear whether the company has provided the requested information.
According to Bloomberg, this type of corporate action is not uncommon. Large companies that control social media often receive this type of request from law enforcement. Therefore, they must have thought that it was just another one of these requests.
These requests are usually accompanied by a court order. However, in rare situations where someone is believed to be in danger, there are “emergency” cases, and it was precisely these cases that the hackers took advantage of.
In a statement about the hackers' requests, a Meta spokesperson said the company often blocks “known compromised accounts from making requests and we work with authorities to respond to incidents involving suspicious fraudulent requests, as we did in this case”.
Apple and Snap, on the other hand, said they have their own policies to check for this type of fraud, but that cases like this can occur because the requests came from emails associated with legitimate law enforcement agencies.
Finally, Discord revealed that it responded to the requests “in line with our policies. We have verified these requests by verifying that they come from a genuine source, and we have done so in this case. While our verification process confirmed that the law enforcement account itself was legitimate, we later discovered that it had been compromised by a malicious actor. We have since conducted an investigation into this illegal activity and notified authorities of the compromised email account.”
It is not yet known who carried out the attack, but security researchers say the Lapsus$ hacker group may have some involvement.