Last Thursday Patently Apple posted a report titled “China’s Alipay Reports that Hackers have Taken Money from Accounts using Stolen Apple ID’s.” Ant Financial’s Alipay, the operator of one of China’s top two mobile payment apps, said hackers had taken an unknown amount of money from accounts using stolen Apple Inc IDs and that the issue remained unresolved despite reaching out to Apple. It took until today to learn of Apple’s formal respond.
Today Apple officially apologized to its Chinese users after Apple IDs were used to steal money.
In a statement on Tuesday, Apple said that it is “deeply apologetic about the inconvenience caused to our customers by these phishing scams.” In another statement Apple said that a “small number” of users were affected by the breach.
Fortune notes Apple said that the affected users didn’t have two-factor authentication on, which requires users to both input a password and a code that’s sent to their smartphones to verify their identity. The company didn’t say how much money was stolen and whether users would have their funds replenished.
Apple IDs are used for a variety of purchases in Apple’s product lineup, including apps, movies, music, and more. The accounts all have a person’s name, email address, and payment information attached to them and are extremely attractive to malicious hackers hoping to swipe some cash from users.
According to the Fortune report, “The company didn’t say how much money was stolen and whether users would have their funds replenished.”
In the big picture, Apple’s Face and Touch ID appear to be marketing tools for Apple with some minor convenience to users by keeping prying eyes at home or the office from accessing their devices. It does nothing to protect accounts from online hackers.
In a way it sounds like Apple was mildly blaming their customers for the breaches by pointing out that users weren’t using two-factor authentication. This should be a warning to all of Apple’s customers. If you’re not using two-factor authentication on your Apple device and it gets hacked, Apple will likely point to the problem being yours.