Apple and Meta handed over sensitive data straight to hackers
Date:
Thu, 31 Mar 2022 12:23:49 +0000
Description:
Compromised police email accounts used to exfiltrate sensitive data from tech giants including Apple and Meta.
FULL STORY ======================================================================
Some of the victims of a new scam where threat actors impersonated police to steal sensitive data from tech companies' endpoints have been revealed, and they're big news.
A Bloomberg report claims that both Meta (Facebooks parent company) and Apple fell for the trick, with the two companies reportedly sharing user IP addresses, phone numbers, and home addresses with the fraudsters.
Besides Meta and Apple, a number of other major tech companies have
reportedly been targeted, including Snap and Discord, although its unclear whether or not these companies fell for the scam. TechRadar needs you!
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window << Snap and Discord
targeted
Commenting on the news, Metas policy and communications director, Andy Stone, told The Verge that the company reviews every data request for legal sufficiency and uses advanced systems and processes to validate law enforcement requests and detect abuse.
We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case, he said in a statement.
This tactic poses a significant threat across the tech industry, Peter Day, Discords group manager for corporate communications said. We are continuously investing in our Trust & Safety capabilities to address emerging issues like this one. Read more
This British teenager is apparently the mastermind behind Lapsus$
Everything we know about Lapsus$ and Okta so far
There's been another development in the Lapsus$ saga
In the original report from KrebsOnSecurity, it was said that a group of threat actors, possibly the same people that later formed Lapsus$, managed to compromise email accounts from law enforcement agencies, most likely via phishing or viruses .
They then used those emails to reach out to large companies with an EDR - Emergency Data Request. Law enforcement agencies reach out to companies all the time, with the request to provide data on users and customers. These requests, however, need to be in compliance with certain regulations and usually take a little time to be processed.
EDRs, however, bypass all of that, as theyre used in a matter of life and death (or serious injury). By playing the EDR card, threat actors force businesses to either risk someones life by taking their time to confirm the senders identity, or risk leaking data, by hurrying to share it without double-checking who the sender is. If you're looking for a way to keep your digital premises secure, check out our list of the best firewalls right now
Via: The Verge
======================================================================
Link to news story:
https://www.techradar.com/news/apple-and-meta-handed-over-sensitive-data-strai ght-to-hackers/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)