Apple Apologizes After Stolen Apple ID Credentials Aided in Phishing Attack in China

[MacRumors]

Apple has formally apologized to users in China over the hacking of some Chinese accounts in a series of phishing scams that hit the country last week. The successful phishing attacks used stolen Apple IDs to gain access to customer funds, leading to "a small number of...users' accounts" being accessed through these scams (via The Wall Street Journal).

In a statement shared in China today, Apple said: "We are deeply apologetic about the inconvenience caused to our customers by these phishing scams."

When news of the incident emerged last week, Chinese mobile payment companies Alipay and WeChat reported that hackers were able to take an unknown amount of money from accounts using stolen Apple IDs. Some users were said to have lost up to 2,000 yuan ($288) following the breach.

According to Apple's new statement, these victims had not enabled two-factor authentication, making it easier for the hackers to gain access to their accounts. Apple didn't confirm how many users were affected in China, how much money was stolen in total, or how the hackers gained access to the Apple IDs in question. The company encouraged all users to enable two-factor authentication on their accounts to ensure further security protections are in place.

China remains important to Apple's overseas expansion plans, but the company has faced numerous speed bumps in this regard over the years. In 2018, Apple moved Chinese iCloud data to state-owned China Telecom, which brought up user privacy concerns; faced an issue with an overabundance of illegal gambling apps on the Chinese iOS App Store; and is now attempting to clamp down on iMessage spam in the country.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Apologizes After Stolen Apple ID Credentials Aided in Phishing Attack in China

 

[markfc]

What are Apple apologising for?
Not forcing 2FA?

 

[Omega Mac]

It seems like everyday for almost two week US tech giants are having to scramble to deal with bad-news stories emanating from their operations and dealings with China.

Nothing to see here of course.

 

[AngerDanger]

I hate the blind defense of Apple some MR users provide, but this… really doesn’t seem like Apple’s fault.

1. This wasn't much of a "hack" if the users had to give their info to services not actually hosted by Apple.
2. Apple provides two-factor-authenticaltion as a means to reduce your risk of giving this information over.

 

[iapplelove]

Just curious why this is in the political and social forums?

 

[Mac Fly (film)]

What are Apple apologising for?
Not forcing 2FA?

It’s called being a responsible actor. It is Apple’s job to help protect their users. Yes, they didn’t have to, but it’s a nice gesture that they did.

 

[keysofanxiety]

It seems like everyday for almost two week US tech giants are having to scramble to deal with bad-news stories emanating from their operations and dealings with China.

Nothing to see here of course.

Did you read the article or just see “China” in the title and filled in the blanks?

 

[ArtOfWarfare]

Just curious why this is in the political and social forums?

Because this is about Apple kowtowing to China.

Idiots in China declined two factor authentication, then fell for a phishing attack, and so they lost money. It's hard to say it's Apple's fault here, but rather than defend themselves, Apple is just jumping straight to apologizing.

 

[Mac Fly (film)]

Just curious why this is in the political and social forums?

Could be unconscious racism. No doubt the mods will tell me off for pointing to a likely truth here.

 

[Lershac]

It’s also a big cultural thing in China... a lot can be forgiven if an apology is forthcoming.... not like here in the USA where an apology is an admission of guilt and an invitation for lawsuits.

 

[ronntaylor]

Just curious why this is in the political and social forums?

Any mention of China gets some frothing at the mouth.

 

[bstpierre]

This reminds me of the time my wife's iTunes gift card balance was wiped out through the purchase of Chinese apps. Apple did nothing for us.

 

[max.ine]

What are Apple apologising for?
Not forcing 2FA?

I agree that they have nothing to apologise for, but ignoring it completely would be bad PR, which is probably the reason why.

Hopefully Apple does start enforcing 2FA so we see fewer cases like these.

 

[TheShadowKnows!]

After reading Apple "negative" statements (either disclaimers, or repair announcements, or ...) the canonical "only a few", or a "a small number of..." gets tagged-on by default.

It is almost like Apple's Pages app (if that is what they use, and not MS Word) has the metakey [COMAND]U key-pair mapped to either prepositional phrase./s

 

[szw-mapple fan]

What are Apple apologising for?
Not forcing 2FA?

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.

 

[Defthand]

After reading Apple "negative" statements (either disclaimers, or repair announcements, or ...) the canonical "only a few", or a "a small number of..." gets tagged-on by default.

It is almost like Apple's Pages app (if that is what they use, and not MS Word) has the metakey [COMAND]U key-pair mapped to either prepositional phrase./s

Apple is an obvious cherry picker when it comes to divulging stats. If a new processor improves a task speed from 4 seconds to 2 seconds, it’s “twice as fast”! If 2 million of their 250 million customers has a defective device, it is “an insignificant number”. Of course, we’ll never know the number of customers impacted by something negative, unlike when other tech companies are asked. And this is worrying for a company that routinely touts numbers when they brag.

 

[EdT]

Just curious why this is in the political and social forums?

Because China. It’s kind of been in US political news recently, especially when linked to technology companies.

 

[BornAgainMac]

Why did this have to be labeled? An attack on some Apple customers happened and Apple apologized.

 

[gnasher729]

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.

Putting your seatbelt on while driving is optional as well.

 

[Capeto]

I wonder if China can tell Apple to make their services stronger and better, that way it would actually get done.

 

[Kabeyun]

Did you read the article or just see “China” in the title and filled in the blanks?

His link is to QAnon material, so there’s your answer.
[doublepost=1539702003][/doublepost]

I wonder if China can tell Apple to make their services stronger and better, that way it would actually get done.

Apple did, without Mommy China. The users chose not to enable 2FA, and to click on an email bait link. They paid with a measly $288 and no identity theft (afawk). If they learned their lessons, I’d call it a good deal.

 

[cfurlin]

Apologize to the people of China, not China.

I wouldn’t be surprised to learn it’s their own government doing the hacking.

 

[BC2009]

Because this is about Apple kowtowing to China.

Idiots in China declined two factor authentication, then fell for a phishing attack, and so they lost money. It's hard to say it's Apple's fault here, but rather than defend themselves, Apple is just jumping straight to apologizing.

Yup. When this happens in the USA there is no apology and rightfully so. Apple would be at fault here if they did NOT offer 2FA. But they offer it and the user has the option to use it.

It’s also a big cultural thing in China... a lot can be forgiven if an apology is forthcoming.... not like here in the USA where an apology is an admission of guilt and an invitation for lawsuits.

Definitely cultural. It’s a big reason why Trump is facing difficulty getting China to bow down even when tariffs will affect China 10 times worse than they affect the USA. There is a certain level of pride you are dealing with and the apology allows those who were too lazy to use 2FA to save face. Trump needs to find a way for China’s leaders to renegotiate trade while saving face - he probably knows this as he has negotiated more business deals than I ever will.

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.

If you are saying that 2FA should be forced then you are being naive. Apple’s devices are used by people who could never manage 2FA. We are not talking about AWS here where the user base is all highly technical.

Forcing 2FA would be like a front door lock that always automatically locked when you closed the door. People need freedom to choose but it also makes them accountable for that choice.

 

[Ries]

Someone tell china to ask about the XS LTE/wifi issues. They seem to get a response.

 

[keysofanxiety]

Putting your seatbelt on while driving is optional as well.

Really?! It's illegal in the UK.