Chinese Apple Staff Detained for Selling $7 Million Worth of User Data

Twenty Apple employees, and two accomplices, were apprehended this week by Chinese authorities over their alleged role in orchestrating an underground personal data theft operation, according to a report published by the Hong Kong Free Press.

The employees, who allegedly worked in Apple’s China-based direct marketing and product outsourcing departments, have been accused of exploiting the iPhone-maker’s computer system in order to collect Apple user’s personal data — including names, phone numbers, Apple ID credentials, and more — prior to selling it on the black market as part of a scam that authorities say could exceed 50 million yuan ($7.36 million). A joint statement issued by Chinese authorities in four key provinces — Guangdong, Jiangsu, Zhejiang, and Fujian — did not indicate whether the stolen data belonged to Chinese or foreign Apple customers, or how much of it was sold off to anyone willing to pay.

The unraveling of this underground empire of thievery was ultimately discovered by authorities following months of investigation into the suspected activity, which culminated long after the group began distributing the illegally-harvested data (or individual pieces thereof) for as little as 10 yuan ($1.50), to as much as 180 yuan ($26.50), apiece.

When the group of nefarious actors was detained over the weekend by Zhejiang authorities, their arsenal of “criminal tools” and online network for carrying out their scheme were seized and dismantled.

China is notorious for its underground ‘black market’ — an ‘underground’ channel through which counterfeit and illegally-pirated goods and information can be sold to essentially anyone willing to pony up the coin.

Back in December of last year, reporters for the Guangzhou-based Southern Metropolis Daily Newspaper investigated and exposed a similar black market/private data scheme that centered around illegally harvested data from police and government agencies — which prompted the Chinese government’s implementation of a controversial new cybersecurity law that’s meant to “protect the country’s networks and private user data.”

Reporters working for the Southern Metropolis Daily News, in that instance, were able to uncover a trove of data on one of their own colleagues, including the individual’s travel history, flight and hotel check-in information, and personal property holdings, in exchanged for 700 yuan (about $100).

Data Theft Around the World

The latest report comes amidst a whirlwind of hackers’ increasingly desperate attempts to extort private data in hopes of obtaining monetary compensation. Back in March of this year, for example, a group of hackers known as the Turkish Crime Family sounded the alarm that they were able to breach the personal iCloud accounts of over 300 million users, threatening in a series of Tweets that they would distribute said data if Apple failed to pay a ransom on time. Apple, of course, refused to comply with their request — however the Turkish Crime Family nevertheless followed-up with an ostensibly questionable claim that Apple, in fact, paid them $480,000 in Bitcoin currency to settle the score.