Stolen Apple IDs Led to Customers in China Having Money Stolen From Connected WeChat Pay and AliPay Accounts

A major breach has been discovered in China related to Apple IDs, along with WeChat and AliPay accounts linked to those Apple IDs.

As was initially reported this week from The Wall Street Journal, it was recently discovered that thieves were able to get their hands on customer Apple IDs, which are linked to WeChat Pay and Alipay mobile payment options, and then subsequently use that data to make fraudulent App Store purchases, sometimes to the sum of 2,000 yuan (about $288), which is the maximum amount for a single purchase.

“China’s two mobile-payments giants said stolen Apple IDs were used to swipe customer funds, and called on Apple Inc. to address the issue.

Alipay, the payments affiliate of e-commerce giant Alibaba Group Holding Ltd., in recent days posted an online notice warning iPhone users, and saying some customers had lost money as a result.”

The customers who were affected by the fraudulent scheme say they received text messages confirming the purchases at odd hours of the night, and saw hundreds of dollars taken from their accounts. At the time of publication the details are still light, and it is not known how the thieves were able to acquire the Apple IDs.

Both companies have confirmed the breach and stolen money.

“Alipay’s notice didn’t say how many people had been affected, but said they did include iPhone users who connect their accounts to other payment systems, including its main rival WeChat Pay as well as credit cards. A spokeswoman for WeChat Pay, owned by Tencent Holdings Ltd., said it didn’t issue a notice to users, but a company statement to the media echoed Alipay.”

As it stands right now, Alipay says that Apple is looking into the matter. Both it and WeChat Pay each have about half a billion users, but it’s not known how many were affected by this breach of security.

Our Take

This is definitely a major issue, especially if it remains unknown how the thieves were able to get their hands on the stolen Apple IDs. While Apple is investigating it, a quick resolution would be the best possible scenario.

[via WSJ]