Apple and Meta, the parent company of Facebook, have been tricked into providing personal information of their users, such as phone numbers, home addresses, and IP addresses, to youth hackers in the US and UK believed to be part of the Lapsus$ or Recursion Team hacking groups, according to TechRepublic.
Bloomberg reports that the attackers have impersonated law enforcement officers and sent emergency data requests to the companies beginning January 2021. Apple and Meta have been sent forged documents that were signed by nonexistent law enforcement officials. However, the involvement of Lapsus$, which was behind recent attacks against Microsoft, NVIDIA, and Samsung, or Recursion Team remains uncertain.
"When we hear of big organizations such as Apple & Meta succumbing to fake emergency requests, leading to a data breach of highly sensitive information, we have to wonder how the message about rigorous data security gets missed or overlooked by those who gather, process, and store our data... The harsh truth is this: threat actors will find a way to your organization’s data given enough time and incentive, no matter how fortified your digital environment is," said comforte AG Cybersecurity Expert Erfan Shadabi.