You may think that a highly sophisticated system like Apple ID may be secure but unfortunately in the light of recent events, you may be forced to think otherwise. Two largest Chinese online payment firms, Ant Financial and Tencent Holdings warned users that hackers are using people’s stolen Apple IDs to swipe customer funds and make online payments from their accounts resulting a massive loss of cash.
For those who are not familiar, an Apple ID is an account made by people who use Apple products and is used to make payments and access services like iCloud, App Store and iTunes. Other than the user’s email address and password, an Apple ID also contains their payment details. Most users link their Apple IDs to payment services to simplify the process of adding payment details to multiple platforms.
According to state media China National Radio, some iPhone users recently complained about receiving notifications from the App Store of purchases that they didn’t make. There were also speculations on social media on text message notifications at odd hours resulting in a loss of hundreds of US Dollars.
Alipay, a subsidiary of Ant Financial, has inquired Apple multiple times to resolve this issue while their current response is that they’re still looking into the matter. A spokesperson from Apple has pointed out that on their website, they do suggest users to take preventive measures like two-factor authentication to avoid fraudulent situations.Other than that, there is no official statement from Apple regarding this issue as their representatives haven’t been responding to customer calls and emails.
Alipay has recently made a blogpost saying, “Since Apple hasn’t resolved this issue, users who’ve linked their Apple ID to any payment method, including Alipay, WePay or credit cards, may be vulnerable to theft.” WePay is Alipay’s rival online payment giant owned by Tencent Holdings. In an emailed statement, an operator from WePay said, “Tencent is actively communicating with Apple to better understand how it’s resolving the situation.”
Both Alipay and WePay hold billions of Dollars of customer funds to facilitate online payments. In fact, according to data firms like iResearch and Analysis, both these firms handled around $15 trillion last year in China on mobile transactions alone. This is probably because these are widely used by people to pay for public transports, utility bills and even investing in mutual funds. This makes them extremely vulnerable to cyber-attacks.
Till now, it is still unclear how the hackers have gotten hold of customer data, but it is being investigated by Apple. The best way to avoid situations like this is to, as mentioned before, use a two-factor authentication. What that does is prompt users to provide an additional code other than the account password while logging in to make an online transaction. Another way suggested by Alipay to minimize any loss, is to limit the amount that can be transferred from one’s account without a password.
A security breach like this is rare and this is probably the reason why many were caught off-guard by it. Apple’s services are considered more secure especially in China where consumers prefer them over those offered by its main competitor, Android.