Users who have WeChat or Alipay accounts associated with their iCloud account may, according to a report, lose money if the Apple ID is breached.
Ant Financial, the operator of the payment service Alipay, and Tencent Holdings, provider of the competing service WeChat Pay, have warned their users against losing money by attacking their Apple ID. Details of how the attacks on the mobile payment process actually took place have not yet been officially communicated. Alipay and WeChat Pay are widely used in everyday life in China – for many users, they have replaced cash and credit cards, whether they are purchased from small retailers or large chains.
App Store purchases that have not been authorized
Many users of Alipay and WeChat Pay use Apple’s iOS devices, linking their Apple ID with the access data for the services. Apparently, after Apple ID data was stolen from Apple’s content offerings (such as the App Store or the iTunes Store), this burdened the Alipay and WeChat Pay accounts that users had previously deposited. It is unclear how the attackers got hold of the Apple ID gateways – Apple has been providing two-factor authentication for several years to protect it.
At the Apple ID depends on Apple
The Apple ID is Apple’s core user account, which is also used for iCloud and its synchronization services – including iCloud backup. According to a report in the Wall Street Journal, Chinese social media reported that users have lost hundreds of dollars in part of un-made app store purchases on their Alipay and WeChat pay accounts. How many customers are affected is unclear.
Alipay: Apple has to solve the problem
Alipay said in a post on the short message service Sina Weibo that Apple had not solved the problem so far. However, Apple itself did not want to wear this shoe over the Wall Street Journal and just said users should follow instructions to secure their Apple ID and enable two-factor authentication.
Apple has become one of the incidents took place. We regret the “inconvenience” caused by a – currently occurring in China – phishing wave. It was on “a small number of user accounts” has been accessed. The victims had not activated two-factor authentication.
Apple’s reaction follows broad coverage in the Chinese media – for example, the state broadcaster CCTV reported that users had lost money through app store purchases they did not make themselves. Alipay’s mother, Ant Financial, said they had “repeatedly” notified Apple of the problem.