Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


macrumors bot
Original poster
Apr 12, 2001

Apple apparently provided some user data to a hacker group that forged legal requests for the information in a 2021 social engineering scam, reports Bloomberg, citing three sources with knowledge of what happened.


The hackers masqueraded as law enforcement officials and were able to convince Apple's staff to provide them with data that included customer addresses, phone numbers, and IP addresses after sending forged "emergency data requests."

Typically, Apple provides this information with a search warrant or subpoena from a judge, but that does not apply with emergency requests because they are used in cases of imminent danger. Apple did not confirm that data had been shared, and directed Bloomberg to its law enforcement guidelines when asked for comment.
In response to a request for comment, an Apple representative referred Bloomberg News to a section of its law enforcement guidelines.

The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request "may be contacted and asked to confirm to Apple that the emergency request was legitimate," the Apple guideline states.
Facebook parent company Meta also provided data to the same hacker group, and in a statement, Meta said that it is working with law enforcement on the suspected fraudulent requests. Information obtained from Apple, Facebook, and others has been used in harassment campaigns and could be used in financial fraud schemes.

The requests were sent from hacked email domains belonging to law enforcement officials from multiple countries, and were crafted to look legitimate with forged signatures of real or fictional law enforcement officers.

According to Bloomberg, a cybercrime group known as "Recursion Team" is linked to some of the forged legal requests that were sent to various companies in 2021. Some of the hackers are believed to be minors located in the United States and United Kingdom, and at least one of the minors involved has also participated in the Lapsus$ group that attacked Microsoft, Samsung, and Nvidia.

As The Verge pointed out earlier today, Lapsus$ shared a post on Telegram claiming to have stolen 70GB of data from international software developer Globant, and screenshots of the data captured show a folder called "apple-health-app." What's in that folder and whether it contains data obtained from Apple is unclear.

Article Link: Apple Allegedly Provided User Data to Hackers That Forged Legal Requests


Aug 14, 2020
Welp, I guess there goes the era of not verifying emergency requests. Hopefully they can thread the needle and still respond expediently to immediate emergencies.


macrumors 6502
Mar 13, 2012
Scottish Highlands
Everything should be encrypted using on device keys and then Apple can't provide it no matter how easily they are scammed.
The data is all likely to be from iCloud backups and if they were encrypted using on device keys then yes, that would stop Apple accessing them but it would also mean you'd never be able to restore your iCloud backups onto a new iPhone / iPad if you upgraded or lost your device...


macrumors P6
Mar 19, 2008
Are we surprised?

Apple has outright scams that sail right through App Review and into the iOS App Store
..and often they stay there dominating sales charts for long periods of time.

Anyone hoping for "protection" from AppleMegaCorp is going to be disappointed.

They lock things down simply to control as much of the money flow as possible.
That's it. There is nothing else to it.


macrumors G5
May 18, 2008
This has been a rising trend among all companies. This is not an Apple problem, this is a “the opaque “national security” mechanisms we put in place as a nation has opened up an easy vector of attack” problem.

Basically the over the top secrecy and spying done behind secretive “National Security Letters” (Google it) has left companies with no immediate way to know whether these requests are real or not.

Again, this is not an Apple problem:


Nov 9, 2013
I am going to reserve judgement until we see concrete proof of what actually happened with Apple.
Agree. I have as little faith in Bloomberg reports as I do in believing Apple will turn out a bug-free set of OSes this summer.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.