In 2018, Facebook’s parent company, Meta, provided user data to hackers who impersonated law enforcement officials, according to a confidential source within the company. The hackers submitted falsified “emergency data requests” designed to bypass privacy protections, enabling them to acquire sensitive information such as physical addresses and phone numbers from Meta. This fraudulent activity was reportedly part of a scheme to circumvent standard data protection procedures.
Cybersecurity expert Brian Krebs recently highlighted an increasing trend of hackers targeting government and police email accounts. Once inside these systems, hackers make false claims about urgent “life and death” situations to pressure tech companies into releasing user data without waiting for a judge’s approval. Bloomberg also reported that Apple had similarly responded to forged emergency requests by providing customer data.
Although Meta and Apple have not confirmed these specific incidents, both companies have issued statements detailing their procedures for handling data requests. According to Krebs, when US law enforcement seeks information on a social media account or associated phone number, they must typically present a court-approved warrant or subpoena. However, in urgent circumstances, they can submit an “emergency data request,” which bypasses the standard review process and doesn’t require court-sanctioned documentation.
Meta’s Response to Data Requests
Meta, in a recent statement, assured that all data requests undergo rigorous checks for “legal sufficiency.” The company also employs “advanced systems and processes” to validate law enforcement requests and detect fraudulent activities. Meta stressed its commitment to blocking compromised accounts and working closely with law enforcement to address suspected fraudulent requests.
Apple, likewise, outlined its approach, noting that in emergencies, a supervisor within the requesting government or law enforcement agency is contacted to verify the legitimacy of the request. This ensures that only authentic, emergency cases result in data being provided.
The Challenges of Emergency Data Requests
One of the main issues highlighted by Krebs is the lack of a unified, national framework for handling emergency data requests. With tens of thousands of police jurisdictions worldwide—18,000 in the United States alone—hackers only need to infiltrate a single police email account to exploit this gap.
Key Takeaways:
| Company | Response to Emergency Requests | Data Protection Measures |
|---|---|---|
| Meta | Reviews requests for “legal sufficiency” and validates through advanced systems | Blocks compromised accounts, works with law enforcement on fraudulent requests |
| Apple | Verifies legitimacy by contacting a supervisor in urgent cases | Follows strict internal guidelines for emergency requests |
The growing trend of fraudulent data requests from hackers is a significant concern for both tech companies and law enforcement. As Krebs pointed out, the absence of a coordinated system for handling these requests makes it easier for cybercriminals to exploit vulnerabilities.
As the issue continues to evolve, both Meta and Apple are expected to strengthen their procedures for validating requests, ensuring that sensitive user data remains protected while still supporting legitimate law enforcement needs.