
Apple apologizes to Chinese users after iCloud phishing spree

Apple is "deeply apologetic" that some users in China had been robbed by attackers, but at the same time noted that the attacks would have been prevented had the victims been using the security measures that Apple provides to protect accounts from such thefts.

In a statement, Apple noted that a small number of user accounts had recently been accessed through phishing attacks. "We are deeply apologetic about the inconvenience caused to our customers by these phishing scams," Apple said in an English-language statement. At the same time, Apple reiterated the advice it had given the Chinese market when the thefts came to light: that two-factor authentication would have prevented these attacks from taking place at all.

The attack impacted users with Alipay accounts linked to their iCloud account. The funds were drained through fraudulent App Store purchases and subscriptions. Social media posts from affected customers noted that the notifications arrived at unusual times of day, and that for some users the fraud had led to losses worth hundreds of dollars.

The Alibaba-owned Alipay and Tencent-owned WeChat Pay confirmed that a number of their customers had been the subject of fraudulent App Store purchases. Alipay has posted a warning online advising iPhone users of the thefts and urging them to secure their accounts where possible.

Alibaba's payments firm claims it had contacted Apple "multiple times" over the fraud, asking the company to find out how it was taking place. Apple advised at the time that it was investigating the issue.

The notice by Alipay advised that the affected customers included those who owned iPhones and had connected their accounts to other payment systems. Customers are "exposed to the risk of financial loss" until Apple deals with the issue, the notice warned, while also advising that losses could be minimized by lowering the amount that could be transferred in a transaction without requiring a password to be entered.

According to the Wall Street Journal on Tuesday, Apple has not given any details about how many users were impacted, nor how much money was taken.



4 Comments

jbdragon 10 Years · 2312 comments

So the same old phishing scams. Worse, not using 2 factor!!! 2 factor can be a hassle at times, but it’s better than getting scammed. Losing money, etc. At the minimum, make sure you are using 2 factor for your email. Someone gains access to your email, they can do password recovery at most of the other places you’re signed up to and gain access. Which if 2 factor was on everywhere you go, that wouldn’t happen.

Even if you were phished, suckered out of your password, they still wouldn’t gain access with the 2nd factor!!! I know banks like to make things really easy to access. They hide 2 factor, or may not even offer it. I have it on!!!
I have it turned on at Amazon even, though that has been the most annoying place I go to for 2 factor.

Not sure what Apple is apologizing for? No matter what you may do, there’s always going to be idiots. Why is it Apple’s fault that these people are falling for phishing scams and not using 2 factor? If they can’t help themselves, how is Apple going to be able to do anything to help them?

magman1979 11 Years · 1301 comments

Sorry, but I have ZERO sympathy for people whose accounts get drained because they refused to implement proper security that Apple REPEATEDLY reminds you to activate if you choose not to.

I encounter people like this all the time, and I try to educate them to this and even help them implement the 2FA, because they claim it's too difficult and inconvenient, and yet some blatantly say "I don't care and I don't have anything to hide" and shun this system. These are the same people who later come and claim I set up their device incorrectly, to which I tell them promptly to fuck off.

macgui 17 Years · 2471 comments

"We are deeply apologetic that you allowed yourself to give access to your account because of your carelessness.

Here's your money back."

Leo Laporte made a sarcastic mention of Apple's mention of noting TFA was not authorized, as though Apple was ducking responsibility.

I do feel bad for anybody who got ripped off. Why wouldn't or shouldn't I? But I feel worse that media hints that Apple was somehow derelict in preventing the intrusion and pilfering.

evilution 13 Years · 1395 comments

Sorry that you are an idiot and feel the need to blame others for your carelessness.
Apple should force 2FA to save some people from themselves.