South China Morning Post
Advertisement
Advertisement
Apple
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
AbacusCulture

How stolen Apple IDs allow hackers to steal money in Alipay and WeChat

iPhone users say their funds were used for unauthorized digital purchases

Apple
Josh Ye
Josh Ye
Why you can trust SCMP
This article originally appeared on ABACUS

WeChat Pay and Alipay have confirmed that the digital wallets of some iPhone users were stolen to buy games and other items from Apple’s App Store.

Chinese media say the breach affected at least 700 users in China, with some reporting losses of up to hundreds of US dollars. Victims say they’ve been receiving notifications at odd hours of the day, alerting them about transactions they don’t recognize.

Here’s how it happened.

In China, WeChat Pay and Alipay are included as payment options in Apple’s iTunes and App Store -- the same way that PayPal and credit cards are elsewhere in the world.

Alipay and WeChat Pay are so ubiquitous in China that Apple has chosen to include them as a payment alternative to credit cards.

That means once you select WeChat Pay or Alipay as your default payment method, money will automatically be deducted for purchases made via Apple ID -- whether you’re buying music, movies or apps.

Both Chinese companies say hackers are making unauthorized purchases through stolen Apple IDs. It’s unclear how they managed to steal the IDs in the first place, but Alipay said it’s asked Apple “many times” to look into how the thefts occurred, and WeChat also says it has been in contact with Apple. Apple did not immediately respond to our request for comment.

One user said his money was stolen to buy QQ virtual coins, which are often used in Tencent’s games. (Picture: Xinhua)

So what can Apple users in China do to protect themselves?

First off, enabling Apple’s “ two-factor authentication” is an effective way to help prevent Apple ID fraud. When you log in from a new device, it requires you to enter your Apple ID password, as well as a verification code that will automatically pop up on another device you’re already using. That means even if a hacker has your password, it’s unlikely they can use your Apple ID on any devices other than your own.
Meanwhile, Alipay issued an online notice on Weibo instructing users how to put a cap on the amount of money that can be transferred from Alipay to Apple. The limit can be set to as low as US$29 a month.

How Weibo became China’s most popular blogging platform

Apple has run into other problems in China lately. In July, it was slammed by Chinese state media after some Apple users were bombarded by spam on iMessage. Back then, the company said it reached out to telecom firms about the issue.

(Abacus is a unit of the South China Morning Post, which is owned by Alibaba -- an affiliate of Ant Financial, which operates Alipay.)

iMessage spammers batter Apple users in China

 

For more insights into China tech, sign up for our tech newsletters, subscribe to our Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.

Post