They just had to ask nicely.
Hackers have been forging fake emergency legal requests to get personal information from both Facebook parent company Meta and tech giant Apple — both of which have on many occasions agreed to these requests, Bloomberg reports.
It's a troubling phenomenon that goes to show how easy it is for hackers to obtain sensitive user data.
According to the report, both Apple and Meta gave out basic subscriber details, including addresses, phone number, and IP addresses. Since they were filed as "emergency dat requests," they didn't require search warrants or a court-ordered subpoena.
Meta, however, claims it did its homework.
"We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse," a spokesman told Bloomberg. "We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case."
According to Bloomberg's unnamed cybersecurity sources, some of these requests may have come from a no longer active hacker group called Recursion Team, which is affiliated with Lapsus$, an infamous group of hackers known to have hacked other tech companies including Microsoft.
The forged requests included forged signatures of real or fictional law enforcement officers, sources told Bloomberg. In many cases, all they needed to do was gain access to a email domain associated with a law enforcement entity.
Meta and Apple are not the only victims.
"While our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor," popular chatting platform Discord told Bloomberg in a statement. "We have since conducted an investigation into this illegal activity and notified law enforcement about the compromised email account."
As if our data isn't vulnerable enough enough, given a wave of recent leaks, the news shows just how easy it is for hackers to convince tech companies to hand over what could be incriminating personal data — and how much power law enforcement agencies hold over big tech.
READ MORE: Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests [Bloomberg]
More on hacking: Grimes Says She Got Hackers to Shut Down a Blog She Didn't Like