Warning after Apple and Facebook ‘tricked by child hackers posing as police into giving away private user info’
HACKING has quite literally become child's play.
Facebook owner Meta and Apple were reportedly duped into handing out private user data by cyber crooks who pretended to be the police.
And experts suspect those behind it might be naughty kids.
The group managed to get hold of basic details, such as a customer’s address, phone number and IP address, reports.
They apparently pulled it off by submitting fake emergency data requests.
With so many of us online, law enforcement regularly ask tech giants for details relevant to their investigations.
Read more about hacking
A search warrant or judge-signed subpoena is normally needed to get hold of information.
But in an urgent life or death situation, police can put in an emergency request that doesn't require a sign off before.
The gaffe is thought to have happened in mid-2021 - though it's not clear how many times they provided data.
Snapchat's owner is also believed to have received similar forged requests but it's not known whether they fell for the ruse as well.
Most read in News Tech
Cybersecurity experts think that it could be young people behind the attack, located in the UK and US.
One is suspected to be part of the Lapsus$ hacking group, which has targeted the likes of Microsoft, Samsung, Nvidia, and Ubisoft.
Seven people between the ages of 16 and 21 were arrested last week by City of London Police in connection with an investigation into Lapsus$.
Trick is 'increasingly common'
According to , the trick on Apple and Meta is increasingly common.
Typically, the bad actor has to get into the police's email system to pose as an official law enforcement rep.
Some of the fakes sent out to Apple and Meta are thought to have included forged signatures of real and made up cops.
Apple's guidelines state that a police officer "may be contacted and asked to confirm to Apple that the emergency request was legitimate".
Read More on The Sun
Meta spokesperson Andy Stone said: "We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.
"We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case."
- Read all the latest Phones & Gadgets news
- Keep up-to-date on Apple stories
- Get the latest on Facebook, WhatsApp and Instagram
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...
- How to get your deleted Instagram photos back
- How to track someone on Google Maps
- How can I increase my Snapchat score?
- How can I change my Facebook password?
- How can I do a duet on TikTok?
- Here's how to see if your Gmail has been hacked
- How can I change my Amazon Alexa voice in seconds?
- What is dating app Bumble?
- How can I test my broadband internet speed?
- Here's how to find your Sky TV remote in SECONDS
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]