Major technology companies such as Apple and Alphabet have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, according to Bloomberg.
The article — quoting four federal law enforcement officials and two industry investigators — says the data has been used to harass and even sexually extort minors.
From Bloomberg: The exact method of the attacks varies, but they tend to follow a general pattern, according to the law enforcement officers. It starts with the perpetrator compromising the email system of a foreign law enforcement agency.
Then, the attacker will forge an “emergency data request” to a technology company, seeking information about a user’s account, the officers said. Such requests are used by law enforcement to obtain information amount online accounts in cases involving imminent danger such as suicide, murder or abductions […]
The data provided varies by companies, but generally includes the name, IP address, email address and physical address. Some companies provide more data.
