Major technology companies such as Apple and Alphabet have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, according to  Bloomberg.

The article — quoting four federal law enforcement officials and two industry investigators — says the data has been used to harass and even sexually extort minors.

From Bloomberg: The exact method of the attacks varies, but they tend to follow a general pattern, according to the law enforcement officers. It starts with the perpetrator compromising the email system of a foreign law enforcement agency.

Then, the attacker will forge an “emergency data request” to a technology company, seeking information about a user’s account, the officers said. Such requests are used by law enforcement to obtain information amount online accounts in cases involving imminent danger such as suicide, murder or abductions […]

The data provided varies by companies, but generally includes the name, IP address, email address and physical address. Some companies provide more data.




Article provided with permission from AppleWorld.Today