Apple Made Apology Due to Apple ID Phishing Attacks
Just a few weeks after Facebook and Google faced controversial embarrassment when it comes to their security, seems like it is Apple’s turn for their own version of a security fiasco. Apple has officially apologized for the hacked Apple’s ID, as some of their customers in mainland China were targeted by spear phishing. The world’s most valuable company stressed its regret knowing that some of their Chinese customers lost an average of $290 each due to a phishing attack, which caused these users to lose control of their Apple IDs.
“We are deeply apologetic about the inconvenience caused to our customers by these phishing scams. China is a key market for Apple and the fraud is the latest challenge it is facing in an area where its share of the smartphone market has been treading water … The hacking incident received broad media coverage in China, including detailed reports by state broadcaster CCTV that included victims saying they lost money to App Store purchases they didn’t make. The broadcaster urged the companies to be more responsive,” explained Apple in their public press statement issued to China.
Even with the public apology, Apple has not revealed the amount of money stolen from the Chinese Apple device users. There is one thing in common for those victims of spear phishing, they all lack two-factor authentication setup in their Apple IDs. Apple also refused to disclose how many Chinese users fall for the phishing attempt.
“Apple’s operating systems encourage users to upgrade their accounts to two-factor authentication security regularly. However, there is still a significant proportion of the Apple ID user base that has not enabled the feature,” said by the Pro-Apple site 9to5Mac.
Apple ID operates similar to the implementation of Google, with its Google user account. An Apple device user requires creating an Apple ID in order to use the Apple App Store, download music from iTunes, download apps for the MacOS computer and other services offered by Apple. The Apple Pay system is also highly integrated with the Apple ID, hence stolen accounts were subjected to the unfortunately lost account balance in the process.
A mainstream payment processor, Alibaba, which is also a popular force on the Internet as well as expressed their official statement about the Apple ID phishing issue. The company confirmed that successful transactions were linked from the stolen Apple ID, due to lack of heads-up those questionable transactions proceeded without any issue.
Two-factor authentication is not a new technology but really helps in lessening the chances of the account being stolen by phishers. With two-factor authentication, the user login requires two things:
• Something the user has (a token)
• Something the user knows (a password or PIN)
For example, Bank ATMs perform two-factor authentication for many decades now. In order to perform bank transactions using an automatic teller machine (ATM), a customer must have an ATM card (a token) and must know the correct PIN to use with the card. If a user’s PIN becomes compromised, the user’s bank account cannot be accessed without the user’s ATM card. If the user’s ATM card is stolen, it is useless without the associated PIN. Requiring two factors for authentication, as in the ATM example, is far more secure than password authentication alone.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.