Posing as “Police” hackers asked Apple to hand over sensitive user data, including names, phone numbers, IP addresses, and more, Bloomberg reports. They did so simply by exploiting the so-called emergency data requests (EDRs), which is a US police backdoor (similar to the permanent ones for CIA/NSA etc) to access private data from users when deemed appropriate. This does not even need a judge’s signature. Civil liberty watchdogs have long criticized EDRs are ripe for abuse by law enforcement, but this is the first public concession of this data-privacy loophole being abused.
Apple told Bloomberg they have systems in place to validate requests from police.
ref. Bloomberg