Apple has issued an apology after a number of customers in China had their Apple ID stolen and used by thieves to take money from paired mobile payment services.
According to a new report from the Wall Street Journal, big mobile payment providers in China including Alipay and WeChat Pay last week revealed that some bad actors swiped their customers’ funds using stolen Apple IDs. Today, Apple has shed more light on the incident and apologized for what happened.
According to Apple, the hacked users had not been using two-factor authentication, a system whereby both passwords and a second verification — such as a text message-sent code — are used to protect account details. As it has done in the past, including through messages delivered in the Settings app, the company advised users to turn on two-factor authentication to protect their accounts.
“We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple said in its Chinese statement, adding that “a small number of our users’ accounts” had been accessed through said scams.
Phishing scams are specially designed emails that pretend to come from a legitimate sender in order to trick you into visiting a webpage designed with the sole purpose to steal your credentials by pretending to be the official Apple ID account website.
While Apple does not make clear how exactly the Apple IDs were obtained, it recommends that to avoid such issues in the future, all customers should enable two-factor authentication.
China is a very important overseas market for Apple, but it has recently come under scrutiny over its approach to data privacy and security. Earlier this year the Cupertino company began shifting Chinese users’ iCloud accounts out of the US and onto servers stored in China due to Chinese law. This raised human rights concerns, especially after it was revealed that the data is being looked after by a state-run telecom company.