Apple apparently provided some user data to a hacker group that forged legal requests for the information in a 2021 social engineering scam, reports Bloomberg, citing three sources with knowledge of what happened.
The hackers masqueraded as law enforcement officials and were able to convince Apple's staff to provide them with data that included customer addresses, phone numbers, and IP addresses after sending forged "emergency data requests."
Typically, Apple provides this information with a search warrant or subpoena from a judge, but that does not apply with emergency requests because they are used in cases of imminent danger. Apple did not confirm that data had been shared, and directed Bloomberg to its law enforcement guidelines when asked for comment.
In response to a request for comment, an Apple representative referred Bloomberg News to a section of its law enforcement guidelines.
The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request "may be contacted and asked to confirm to Apple that the emergency request was legitimate," the Apple guideline states.
Facebook parent company Meta also provided data to the same hacker group, and in a statement, Meta said that it is working with law enforcement on the suspected fraudulent requests. Information obtained from Apple, Facebook, and others has been used in harassment campaigns and could be used in financial fraud schemes.
The requests were sent from hacked email domains belonging to law enforcement officials from multiple countries, and were crafted to look legitimate with forged signatures of real or fictional law enforcement officers.
According to Bloomberg, a cybercrime group known as "Recursion Team" is linked to some of the forged legal requests that were sent to various companies in 2021. Some of the hackers are believed to be minors located in the United States and United Kingdom, and at least one of the minors involved has also participated in the Lapsus$ group that attacked Microsoft, Samsung, and Nvidia.
As The Verge pointed out earlier today, Lapsus$ shared a post on Telegram claiming to have stolen 70GB of data from international software developer Globant, and screenshots of the data captured show a folder called "apple-health-app." What's in that folder and whether it contains data obtained from Apple is unclear.
