Apple accounts compromised in phishing hacks, used for purchases
What's the story
Nearly a week ago, some Chinese iPhone users revealed cases of money being stolen from their Apple accounts. They got payment notification for unauthorized App Store purchases at odd hours, leading many to think that some Apple IDs have been stolen. Now, Apple has confirmed that this was the result of a phishing scam. More details follow.
Apology
Apple 'deeply apologetic' for the hack
In a statement to the Wall Street Journal, Apple apologized to the victims of the scam. The company didn't reveal specific details of the attack but said only "a small number of our users" who didn't have two-factor authentication enabled were affected. "We are deeply apologetic about the inconvenience caused to our customers by these phishing scams," its statement read.
Details
Hackers used connected accounts for payment
On gaining login details, the hackers made App Store purchases by using already connected payment options - Alibaba's Alipay and Tencent's WeChat Pay. Hundreds of dollars, with a maximum 2,000 yuan (Rs. 21,000), were spent on purchases, leading to complaints from both companies. The total amount spent still remains unclear, but sources say Apple will be refunding the money to the affected users.
Information
Apple's advice to prevent such issues
While apologizing for the scam, Apple also requested users to enable two-factor authentication - where login is approved with a verification code received on mobile - to prevent such incidents from happening in the future.