Last week, big mobile payment providers in China including Alipay and WeChat Pay revealed that some bad actors swiped their customers' funds using stolen Apple IDs. Today, Apple has shed more light on the incident and apologized for what happened.
According to a new report from The Wall Street Journal, the tech giant blamed the account hacks in China on the customers' failure to enable two-factor authentication, which Apple started adopting in 2013. This allowed hackers to access users' accounts through phishing scams and then steal money using Chinese mobile payment apps linked to their Apple accounts.
It remains unclear how many users were hit by the phishing attack, but Apple said it only affected a small number of accounts. It's not certain as well how much money was stolen from the victims nor is it known how the hackers obtained the users’ Apple IDs and passwords. State-owned media CCTV reported that some victims claimed they lost funds to unauthorized App Store purchases.
The hacks mark the latest incident in which Apple has been involved in a security fiasco in China. In 2014, the country banned Apple devices from government use due to security concerns it vaguely explained.
Source: The Wall Street Journal