Hackers successfully obtained user data from Meta and Apple by disguising themselves as law enforcers. The hackers did it by sending faked emergency data request orders to both companies which are typically sent by law enforcement when they need personal data involving emergency or life-threatening cases.
According to Bloomberg, in mid-2021, Apple and Meta provided basic subscriber details, such as a customer’s address, phone number, and IP address, in response to the forged “emergency data requests.”
Requesting data from social media platforms is actually normally done by law enforcement agencies to aid in criminal investigations. For them to obtain it, they usually have to present a subpoena or a search warrant signed by a judge, with the exception of emergency situations.
Based on the report of Krebs on Security, these Fake emergency data requests are alarmingly increasing and are mostly carried out by teenagers. The hacker’s way of doing this is, they need to gain access first to a police department email system, forge an emergency data request and send it to social media companies while the identity of the email is under the Police Department.