Apple has apologized to some of its users in China after a wave of phishing attacks targeted accounts in the country last week.
The phishing scams involved unknown attackers using stolen Apple ID credentials to log into mobile payment wallets like Alipay or WeChat Pay, which are so immensely popular in the region that they’re basically a ubiquitous fact of daily life. The wallets were then used to make unauthorized App Store purchases.
“We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple wrote in a Chinese-language statement (as seen by The Wall Street Journal).
The company did not release statistics on how many Apple IDs were impacted or how much total money was lost among affected users. In an English-language statement, Apple said that a “small number” of its users’ accounts were affected.
But while Apple didn’t release any specific numbers, the WSJ reported last week that some users said they received receipts for single fraudulent App Store transactions of up to 2,000 yuan ($288).
According to current reports, the attacks were limited to users who specifically had their Alipay or WeChat Pay accounts linked to their Apple IDs.
It isn’t clear how those Apple IDs were stolen, however. It does not appear to be a data breach coming from Apple, so it’s likely that login credentials were stolen through phishing attacks or similar scams.
Apple indicated that the impacted Apple IDs did not have two-factor authentication enabled. That likely made it much easier for the attackers to log in and compromise those accounts.
While Apple doesn’t require it, the Cupertino tech giant encouraged all users to enable two-factor authentication on their Apple IDs. It’s likely that the extra security measure could have prevented some of the fraudulent transactions.
The incident underscores some of the issues that foreign technology firms face in China, which is a critical region for both the smartphone and the broader tech industry.
Apple has faced backlash from civil rights groups and privacy advocates over its move of Chinese users’ iCloud data to state-owned servers. The company has also seen similar controversies over illegal gambling apps on the iOS App Store and the increasing problem of iMessage spam in the region.