Compromised police email accounts used to exfiltrate sensitive data from tech giants including Apple and Meta.
Some of the victims of a new scam where threat actors impersonated police to steal sensitive data from tech companies’ endpoints have been revealed, and they’re big news. A Bloomberg report claims that both Meta (Facebook’s parent company) and Apple fell for the trick, with the two companies reportedly sharing user IP addresses, phone numbers, and home addresses with the fraudsters. Besides Meta and Apple, a number of other major tech companies have reportedly been targeted, including Snap and Discord, although it’s unclear whether or not these companies fell for the scam. Commenting on the news, Meta’s policy and communications director, Andy Stone, told The Verge that the company reviews every data request for legal sufficiency and uses “advanced systems and processes” to validate law enforcement requests and detect abuse.
