![]() “When we hear of big organizations such as Apple & Meta succumbing to fake emergency requests, leading to a data breach of highly sensitive information, we have to wonder how the message about rigorous data security gets missed or overlooked by those who gather, process, and store our data,” said Erfan Shadabi, cybersecurity expert with data security specialists comforte AG. As of now, other tech companies may have been subject to this form of attack, but the two tech giants in Apple and Meta have been specifically outed as victims. Typically in the U.S., requests for personal information of this kind are only available via a search warrant or subpoena signed by a judge, but emergency data requests circumvent this requirement. The forged documents were then sent to Meta and Apple via fake email addresses from governmental bodies based in different countries. SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic) How the attacks happenedĪccording to Bloomberg’s report, the requests for emergency data began as early as January of 2021, and the fake legal requests were believed to be legitimate after having been signed by made-up law enforcement officials. As hackers become smarter, organizations need to step up and ensure there are water tight processes in place and to be one step ahead.” ![]() “It’s easy to see how information can be disclosed in this manner. “Hackers are becoming smarter about how they obtain information from large organizations,” said PJ Norris, principal systems engineer at cybersecurity company Tripwire. It is still unknown at this time whether Lapsus$ or Recursion Team were behind the impersonation of law enforcement. Lapsus$ is a South America-based collective rumored to be behind cyberattacks against tech companies like Microsoft, Samsung and Nvidia. and U.K., with one reported to be aligned with one of two hacking groups, known as Recursion Team or Lapsus$. The group behind the phony emergency requests were believed to be minors located in the U.S. Top 10 open-source security and operational risks of 2023Īs a cybersecurity blade, ChatGPT can cut both waysĬloud security, hampered by proliferation of tools, has a “forest for trees” problemĮlectronic data retention policy (TechRepublic Premium) ![]() The two companies allegedly responded to emergency data requests from customers and unwittingly provided personal information such as addresses, phone numbers and even IP addresses of customers with these unknown parties in the process. It was revealed on March 30 that both Apple and Facebook parent company, Meta, were duped by child hackers impersonating law enforcement officers last year, according to a report from Bloomberg. The two tech companies are believed to have provided hacker groups with user information as part of the impersonation. Apple and Meta shared data with child hackers pretending to be law enforcement
0 Comments
Leave a Reply. |