Apple, nearly a week after it emerged that some Apple IDs were stolen in China, apologized for the hacking, saying in a statement that it found “a small number of our users’ accounts” had been accessed via a phishing scam, reported The Wall Street Journal.
According to the report, Apple went on to say in the statement that it is “deeply apologetic about the inconvenience caused to our customers by these phishing scams.” The Cupertino, California iPhone maker noted that victims of the scam hadn’t enabled two-factor authentication, which requires a user to have a password to log in, as well as a generated code to verify their identity. Apple didn’t say how many users were impacted, nor did it specify how much money was stolen or how the hackers were able to get their hands on the Apple IDs and passwords.
Alipay, the mobile payment app, said on Wednesday (Oct. 10) that hackers stole money from accounts via stolen Apple IDs. Reuters, citing Ant Financial, the payment affiliate of Alibaba, reported that the Chinese company said the issue hasn’t been resolved, although it had already reached out to Apple. In a post on its Toutiao social media account, the company said users who linked their accounts via Apple IDs should lower their transaction limits.
“Alipay has contacted Apple many times … and the issue has not been resolved,” the post said. According to the report, the breach is impacting Alipay and Tencent’s WeChat users, with some losing as much as $288. It’s not clear how many users were impacted, but Alipay did urge those affected to contact Apple.
Reuters noted that the breach highlights the security challenges faced by payment companies in China. In July, Apple was signaled out by state media in the country because of all the spam on iMessage. State media at the time said Apple’s stance on privacy was hurting its ability to stop illegal behavior. The report noted that since then, Apple has held talks with telecommunications companies in China to reduce how the spam sent to iMessage. WeChat Pay and Alipay have not been the target of breaches, even though users are constantly warned not to send money to people they don’t know who are using the platforms, reported Reuters.