Hackers using stolen Apple IDs to swipe cash in China

 It was unclear how the attackers got the Apple IDs, which are required for iPhone users who buy content such as music from iTunes.
It was unclear how the attackers got the Apple IDs, which are required for iPhone users who buy content such as music from iTunes.PHOTO: REUTERS

HONG KONG • Ant Financial's Alipay and Tencent Holdings have warned that cyber attackers employed stolen Apple IDs to break into customers' accounts and made off with an unknown amount of cash in a rare security breach for China's top digital payment providers.

Alipay, whose parent also operates the world's largest money market fund, said on Wednesday on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach.

It warned users who have linked their Apple IDs to any payment services, including Tencent's WePay, to lower transaction limits to prevent further losses. Tencent said in a separate statement it too had noticed the cyberheist and reached out to the iPhone maker.

China's two largest companies both recommended users of their digital wallets to take steps to safeguard their Apple accounts, such as by changing their passwords.

It was unclear how the attackers got the Apple IDs, which are required for iPhone users who buy content such as music from iTunes.

Apple representatives have not responded to requests for comment.

Alipay said in its blogpost: "Since Apple hasn't resolved this issue, users who've linked their Apple ID to any payment method, including Alipay, WePay or credit cards, may be vulnerable to theft."

 

Ant Financial, controlled by billionaire Alibaba co-founder Jack Ma, is estimated to handle more than half of China's US$17 trillion (S$23 trillion) in annual online payments.

Tencent's rival payment platform is a key component of its social media service WeChat, which has more than a billion users. "Tencent is actively communicating with Apple to better understand how it's resolving the situation," it said in a statement.

BLOOMBERG

A version of this article appeared in the print edition of The Straits Times on October 12, 2018, with the headline 'Hackers using stolen Apple IDs to swipe cash in China'. Print Edition | Subscribe