According to Bloomberg, Apple provided customer data to hackers who masqueraded as law enforcement officials. In other words, it was doing something it claims not to do and creating the exact security issue that it has been lecturing others about.
Meta was also caught doing the same thing, it is just we already expect Facebook to hand over data to anyone who says “pretty please” and it rarely tells other companies that it is Jesus.
The data handed over included a customer's address, phone number and IP address using an emergency request procedure.
Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don't require a court order.
Cybersecurity researchers suspect that some of the hackers sending the forged requests are kids in the UK and the US which shows how easy it is to pull off.
The fraudulent legal requests are part of a months-long campaign that targeted many technology companies and began as early as January 2021. The forged legal requests are believed to be sent via hacked email domains belonging to law enforcement agencies in multiple countries. The forged requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers.
By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries.