Last updated on April 24th, 2022 at 06:07 pm
In a statement, Meta stated that every data request is reviewed for “legal sufficiency” and that the company utilizes “sophisticated technologies and processes” to confirm law enforcement requests and detect abuse.
San Francisco is a city in California.
Last year, Facebook owner Meta handed user information to hackers posing as law enforcement officials, according to a company source, exposing the dangers of a tactic employed in emergency situations.
According to the source, who requested anonymity due to the delicacy of the situation, imposters were able to get details such as physical addresses or phone numbers in response to fabricated “emergency data requests,” which can bypass privacy restrictions.
According to cyber expert Brian Krebs, criminal hackers have been hijacking email accounts or websites linked to the police or government, claiming they can’t wait for a judge’s order for information because it’s an “urgent matter of life and death.”
Apple had released customer data in response to falsified data requests, according to the Bloomberg news agency, which first reported Meta being targeted.
Apple and Meta did not confirm the occurrences but issued statements in which they cited their standards for processing information requests.
According to Krebs, when US law enforcement officers demand information on the owner of a social media account or a mobile phone number associated with it, they must submit a formal court-ordered warrant or subpoena.
However, in emergency situations, authorities can make an “emergency data request,” which “essentially skips any official scrutiny and does not require the requestor to produce any court-approved documentation,” he explained.
In a statement, Meta stated that every data request is reviewed for “legal sufficiency” and that the company utilizes “sophisticated technologies and processes” to confirm law enforcement requests and detect abuse.
“We stop known compromised accounts from making requests and, as we have done in this case, we assist with law enforcement to react to events involving suspected fraudulent requests,” the statement continued.
In the instance of an emergency application, Apple’s guidelines state that “a supervisor for the government or law enforcement agent who submitted the… request may be called and requested to confirm to Apple.” that the request for an emergency was legitimate.”
One of the major issues with these types of requests, according to Krebs, is the lack of a unified, national framework, which forces corporations to decide how to handle them.
“To compound matters, there are tens of thousands of police jurisdictions around the world, including around 18,000 in the United States alone, and all it takes for hackers to succeed is illegitimate access to a single police email account,” he said.