The report, citing three people familiar with the situation, said that hackers made a forged emergency data request to Apple and Meta in 2021.
As a result of the forged legal request, the tech companies provided users' addresses, phone numbers, and IP addresses to the hackers, the report noted.
Snap Inc. also received a forged legal request for users' data but it isn't known if they provided the information to the same hackers, according to the news agency.
Emergency data requests are usually made after a search warrant or subpoena is approved by a US judge, but it's not necessary, the report added.
The hackers are believed to be part of cybercriminal group Recursion Team. Some of the hackers are believed to be living in the United Kingdom and the United States, and one of the members is a minor who may be the mastermind behind the cybercriminal group Lapsus$, the report said.
The Lapsus$ cybercriminal group reportedly recently hacked Microsoft Corp., Samsung Electronics Co., Nvidia Corp, and others.