Originally posted on Android Authority.
The tactic is considered the newest tool cybercriminals use to steal people’s personal information for financial gain.
- Major tech companies were duped into turning over the personal data of their users.
- The companies involved include Google, Apple, Twitter, Discord, and others.
- The data was handed over to cybercriminals in response to fake legal requests.
Major tech companies, including Google, Apple, Snap, Twitter, Meta Platforms, and Discord, have been duped into giving up personal information about their users.
Citing federal law enforcement officials and industry investigators, Bloomberg reports that the tech giants provided the sensitive user information in response to fake emergency legal requests.
These types of requests don’t require a court order, and companies often turn over data to law enforcement agencies in good faith when imminent danger is involved. Perpetrators usually compromise the email system of a foreign law enforcement agency to forge such requests.
In this case, the fraudulently obtained data was used to target minors and women. In some cases, the bad actors put pressure on them to share sexually explicit material and threatened to retaliate against them if they failed to comply.
This tactic is considered the newest tool cybercriminals use to steal people’s personal information for financial gain. What’s scary is that the attackers successfully impersonate law enforcement officers to a degree that has the biggest tech companies fooled.
The anonymous sources who revealed this information say that such schemes are impossible for victims to protect against, and the best way to avoid them is not to have accounts on the targeted services.
“Tech companies should implement a confirmation callback policy as well as push law enforcement to use their dedicated portals where they can better detect account takeovers,” said Alex Stamos, the former chief security officer at Facebook.
Meanwhile, Google told Bloomberg that it uncovered a fraudulent data request coming from malicious actors posing as legitimate government officials in 2021. The individual was identified, and the company notified authorities. “We are actively working with law enforcement and others in the industry to detect and prevent illegitimate data requests,” a Google spokesperson told the publication.
A Facebook representative said that the platform reviews all data requests for “legal sufficiency and uses advanced systems and processes to validate law enforcement requests and detect abuse.”
Discord said it validates all law enforcement requests, while Apple and Twitter declined to comment.