Hackers linked to the Lapsus$ group allegedly posed as government officials to request private data from Meta and Apple. According to Bloomberg, Apple and Meta handed user information to attackers who spoofed emergency data requests from government agencies.
One of the key suspects is the teenager believed to currently lead Lapsus$, which has been on everyone’s lips after the attacks on Microsoft, Samsung and Nvidia, although at that time he was part of another group of hackers.
Typically, companies process requests from law enforcement on the basis of a warrant or a document signed by a judge. However, an emergency data request (EDR) does not require a court decision. It is a kind of legal procedure that security agents can use to obtain the information about a user that they need to carry out an investigation.
According to Krebs On Security, the perpetrators used previously hacked email accounts linked to legitimate law enforcement personnel, successfully tricking companies into handing over the data without further suspicion.
It is not uncommon for companies like Apple and Facebook to receive requests of this type from law enforcement, and they even have teams entirely dedicated to responding to them.
All that is known is that the attackers were associated with the Recursion Team hacker group. As of today, its activities have been suspended, but many of its members continue to carry out hacks under different names, including as part of Lapsus$.
The most striking thing is that Meta and Apple are apparently not the only companies affected by these attacks. Companies like Snap, the owner of Snapchat, also received such requests. Another was Discord, which did provide information in response to one of these requests.