Apple has issued an apology after a phishing scam hit some of its users in China, where the company says a “small number” of Apple IDs were improperly accessed and hackers even managed to use them to make purchases of as much as 2,000 yuan — the equivalent of $290. “We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple offered in a statement shared in China today.
The iPhone maker hasn’t disclosed how much money was stolen in total, how many users were affected, or really any detailed account of what happened. One thing we do know, according to Apple, is that the victims hadn’t turned on two-factor authentication, something the company is now reminding all users to do.
News of the China hack comes against a backdrop of escalating U.S.-China trade tensions that are particularly risky for Apple, which assembles most of its products in the country. Also, per The Wall Street Journal, “China is a key market for Apple and the fraud is the latest challenge it is facing in an area where its share of the smartphone market has been treading water … The hacking incident received broad media coverage in China, including detailed reports by state broadcaster CCTV that included victims saying they lost money to App Store purchases they didn’t make. The broadcaster urged the companies to be more responsive.”
Alipay and WeChat Pay, prominent payment companies in China, announced last week that hackers had gotten into some users’ payment accounts, the paper continues. What’s more, many consumers in the country connect their Apple accounts to those payment systems — Alipay being the payments affiliate of Alibaba, while WeChat Pay is owned by Tencent.
Apple is increasingly having to address security and privacy concerns in China these days, where the company has, among other things, been trying to get a lid on iMessage spam and dealing with a glut of illegal gambling apps on the Chinese version of the iOS App Store. From 9to5Mac about the Apple ID hack: “If two-factor authentication is enabled, users must independently approve account access for new device logins. This greatly reduces the chance of phishing attacks ultimately working, as unknown login requests can simply be denied.
“Apple’s operating systems encourage users to upgrade their accounts to two-factor authentication security regularly. However, there is still a significant proportion of the Apple ID user base that has not enabled the feature.”