San Francisco (AFP) – Facebook owner Meta gave user information to hackers posing as law enforcement officials last year, a company source said on Wednesday, highlighting the risks of a measure used in urgent cases.
Imposters were able to obtain details such as physical addresses or phone numbers in response to falsified ’emergency data requests’, which can breach confidentiality barriers, said the source who requested anonymity due to the sensitivity of the subject.
The hackers compromised email accounts or websites linked to the police or government and claimed they could not wait for a judge’s order to obtain information because it is an “urgent matter of life or death,” cyber expert Brian Krebs wrote on Tuesday.
The Bloomberg news agency, which initially reported that Meta was being targeted, also reported that Apple provided customer data in response to bogus data requests.
Apple and Meta did not officially confirm the incidents, but provided statements citing their policies for handling inquiries.
When U.S. law enforcement officials want data about the owner of a social media account or an associated cell phone number, they must submit an official court-ordered warrant or subpoena, Krebs wrote. .
But in urgent cases, authorities can make an “emergency data request”, which “largely bypasses any official review and does not require the applicant to provide court-approved documentation”, he added. .
Meta, in a statement, said the company reviews each data request for “legal sufficiency” and uses “advanced systems and processes” to validate law enforcement requests and detect abuse.
“We prevent known compromised accounts from making requests and are working with law enforcement to respond to incidents involving suspected fraudulent requests, as we did in this case,” the statement added.
Apple noted its guidelines, which state that in the event of an emergency request “a government supervisor or law enforcement officer who submitted the…request may be contacted and instructed to confirm to Apple that the emergency request was legitimate”.
Krebs noted that the lack of a unified national system for these types of requests is one of the main problems associated with them, as companies end up deciding how to deal with them.
“To complicate matters, there are tens of thousands of police jurisdictions around the world – including about 18,000 in the United States alone – and all it takes for hackers to succeed is illicit access to a only police email account,” he wrote.
© 2022 AFP