Apple Apologizes After Stolen Apple ID Credentials Aided in Phishing Attack in China

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,437
8,501



Apple has formally apologized to users in China over the hacking of some Chinese accounts in a series of phishing scams that hit the country last week. The successful phishing attacks used stolen Apple IDs to gain access to customer funds, leading to "a small number of...users' accounts" being accessed through these scams (via The Wall Street Journal).


In a statement shared in China today, Apple said: "We are deeply apologetic about the inconvenience caused to our customers by these phishing scams."

When news of the incident emerged last week, Chinese mobile payment companies Alipay and WeChat reported that hackers were able to take an unknown amount of money from accounts using stolen Apple IDs. Some users were said to have lost up to 2,000 yuan ($288) following the breach.

According to Apple's new statement, these victims had not enabled two-factor authentication, making it easier for the hackers to gain access to their accounts. Apple didn't confirm how many users were affected in China, how much money was stolen in total, or how the hackers gained access to the Apple IDs in question. The company encouraged all users to enable two-factor authentication on their accounts to ensure further security protections are in place.

China remains important to Apple's overseas expansion plans, but the company has faced numerous speed bumps in this regard over the years. In 2018, Apple moved Chinese iCloud data to state-owned China Telecom, which brought up user privacy concerns; faced an issue with an overabundance of illegal gambling apps on the Chinese iOS App Store; and is now attempting to clamp down on iMessage spam in the country.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

 

AngerDanger

macrumors 601
Dec 9, 2008
4,384
19,073
I hate the blind defense of Apple some MR users provide, but this… really doesn’t seem like Apple’s fault.

1. This wasn't much of a "hack" if the users had to give their info to services not actually hosted by Apple.
2. Apple provides two-factor authentication as a means to reduce your risk of giving this information over.
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
8,559
3,966
Just curious why this is in the political and social forums?
Because this is about Apple kowtowing to China.

Idiots in China declined two factor authentication, then fell for a phishing attack, and so they lost money. It's hard to say it's Apple's fault here, but rather than defend themselves, Apple is just jumping straight to apologizing.
 

max.ine

macrumors 6502
Aug 16, 2016
250
362
What are Apple apologising for?
Not forcing 2FA?
I agree that they have nothing to apologise for, but ignoring it completely would be bad PR, which is probably the reason why.

Hopefully Apple does start enforcing 2FA so we see fewer cases like these.
 

TheShadowKnows!

macrumors 6502a
Sep 30, 2014
800
1,563
National Capital Region
After reading Apple "negative" statements (either disclaimers, or repair announcements, or ...) the canonical "only a few", or a "a small number of..." gets tagged-on by default.

It is almost like Apple's Pages app (if that is what they use, and not MS Word) has the metakey [COMMAND]U key-pair mapped to either prepositional phrase. /s
 
Reactions: niji and Defthand

szw-mapple fan

macrumors 68000
Jul 28, 2012
1,583
1,027
What are Apple apologising for?
Not forcing 2FA?
A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.
 
Reactions: niji

Defthand

macrumors 65816
Sep 1, 2010
1,275
1,632
After reading Apple "negative" statements (either disclaimers, or repair announcements, or ...) the canonical "only a few", or a "a small number of..." gets tagged-on by default.

It is almost like Apple's Pages app (if that is what they use, and not MS Word) has the metakey [COMMAND]U key-pair mapped to either prepositional phrase. /s
Apple is an obvious cherry picker when it comes to divulging stats. If a new processor improves a task speed from 4 seconds to 2 seconds, it’s “twice as fast”! If 2 million of their 250 million customers have a defective device, it is “an insignificant number”. Of course, we’ll never know the number of customers impacted by something negative, unlike when other tech companies are asked. And this is worrying for a company that routinely touts numbers when they brag.
 

Capeto

macrumors regular
Jul 9, 2015
120
295
I wonder if China can tell Apple to make their services stronger and better, that way it would actually get done.
 
Reactions: Shad0wLandsUK

Kabeyun

macrumors 68020
Mar 27, 2004
2,243
3,804
Eastern USA
Did you read the article or just see “China” in the title and filled in the blanks?
His link is to QAnon material, so there’s your answer.
I wonder if China can tell Apple to make their services stronger and better, that way it would actually get done.
Apple did, without Mommy China. The users chose not to enable 2FA, and to click on an email bait link. They paid with a measly $288 and no identity theft (afawk). If they learned their lessons, I’d call it a good deal.
 
Reactions: niji

cfurlin

macrumors 6502
Jun 14, 2011
364
630
Apologize to the people of China, not China.

I wouldn’t be surprised to learn it’s their own government doing the hacking.
 
Reactions: bwillwall

BC2009

macrumors 68000
Jul 1, 2009
1,921
231
Because this is about Apple kowtowing to China.

Idiots in China declined two factor authentication, then fell for a phishing attack, and so they lost money. It's hard to say it's Apple's fault here, but rather than defend themselves, Apple is just jumping straight to apologizing.
Yup. When this happens in the USA there is no apology and rightfully so. Apple would be at fault here if they did NOT offer 2FA. But they offer it and the user has the option to use it.

It’s also a big cultural thing in China... a lot can be forgiven if an apology is forthcoming.... not like here in the USA where an apology is an admission of guilt and an invitation for lawsuits.
Definitely cultural. It’s a big reason why Trump is facing difficulty getting China to bow down even when tariffs will affect China 10 times worse than they affect the USA. There is a certain level of pride you are dealing with and the apology allows those who were too lazy to use 2FA to save face. Trump needs to find a way for China’s leaders to renegotiate trade while saving face - he probably knows this as he has negotiated more business deals than I ever will.

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.
If you are saying that 2FA should be forced then you are being naive. Apple’s devices are used by people who could never manage 2FA. We are not talking about AWS here where the user base is all highly technical.

Forcing 2FA would be like a front door lock that always automatically locked when you closed the door. People need freedom to choose but it also makes them accountable for that choice.
 
Reactions: cote32mt