I think that you have heard the assurances from Apple and Google more than once that they are guarding privacy. They position themselves as companies that are ready to the end to defend the interests of those who trusted them. And Apple has been subject of criticism more than once by law enforcement agencies for its integrity and refusal to hack the iPhone of criminals.
But, as it turned out, Apple and Google still leak information about users at the request of law enforcement officers and fall for the tricks of hackers. Bloomberg, citing representatives of federal law enforcement agencies, reported that major technology companies Google, Apple, Twitter, Meta, Discord and Snap provided personal information about users at the request of law enforcement agencies using their email addresses. The problem is that the requests themselves were skillfully forged by hackers.
Attackers managed to deceive companies and get private information about users. Moreover, the targets were women and minors. In the hands of hackers were information compromising the owners, including sexually explicit materials. The attackers used the obtained data for harassment, blackmail and extortion. For non-dissemination of spicy information, they demanded money from the victims.
Hackers have a new way to blackmail users of Google, Apple and Meta
Hackers took advantage of the fact that the practice of “emergency requests” is now in effect; when law enforcement officers can obtain users’ personal data from servers and this does not require a judge’s order.
At the moment, law enforcement and technology companies are trying to assess the scale of the problem; and the amount of data that the hackers obtained through fake requests. The main problem is to determine that the request is fake. It takes time to understand that it is directed illegally and no investigation is underway against specific individuals.
Also, the most annoying thing is that the practice of extortion based on illegally obtained personal data is becoming more common. At the moment, companies and law enforcement agencies cannot offer an effective tool for this type of fraud. Experts advise introducing the practice of “callback” with repeated confirmation from law enforcement officers about the legitimacy of the request. Now, in order not to become a victim of intruders, users can only “clean” information about themselves as much as possible and abandon the practice of storing data that can be in use for blackmail.