According to Bloomberg, which cites its sources, the attackers sent fake emergency requests to the above-mentioned companies. In response, Apple and Meta sent the hackers data about registered users, including customer addresses, phone numbers, and IP addresses. Bloomberg clarified that typically such requests come with a search warrant or a subpoena signed by a judge. The point of the emergency requests is to skirt this requirement in cases of imminent danger. Information obtained illegally was used by hackers to facilitate financial fraud schemes and for other purposes.
The amount of user information that has gone to the hackers is currently unknown.