Apple has apologized to its iCloud customers in China whose accounts were hacked due to phishing scams. Hackers managed to use the hacked Apple IDs to swipe funds from the linked AliPay and WeChat accounts of the customer.
Apple says in its statement that all the affected accounts were not secured using 2FA, and it is strongly recommending users to enable 2FA for improved security. Apple has not revealed the number of users affected by the hack, though it says only a small number of user accounts were compromised.
In its English statement Tuesday, Apple said it found “a small number of our users’ accounts” had been accessed through phishing scams. “We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple said in its Chinese statement.
The hacking incident had received wide media coverage, including a detailed report from Chinese state broadcaster CCTV. The report claimed that customers whose iCloud accounts were hacked lost money to unauthorized App Store transactions they never made.
The iCloud hacking event in China seems like a simple phishing attack where unsuspected users ended up sharing their iCloud login details with a phishing website whose link they must have received either over email or SMS.
While Apple has apologized for the iCloud phishing hack in China, the security of one’s account rests solely on the hands of its owner. Apart from using a strong password and setting up two-factor authentication, users should also not share their passwords and other key account details with anyone or any suspicious looking website.
If you have not already enabled two-factor authentication for your iCloud account, you should strongly consider doing so.