China arrests 22 suspects for selling Apple user data on black market
Police in the coastal Chinese province of Zhejiang have arrested 22 Apple distributors, accusing them of reselling iPhone user data to anyone willing to pay.
The people allegedly scoured an internal Apple database for information such as Apple IDs and phone numbers, according to Engadget. Prices for the illicit data ranged from 10 to 180 yuan, or around $1.50 to $26.
Collectively the distributors made about 50 million yuan -- $7.36 million -- before police intervened. Reports haven't revealed the number of affected accounts and devices, or other important facts, such as whether there were any victims outside of China.
Apple normally prides itself on its privacy and security, which raises questions of how and why the distributors had access to the database. China has long had problems with Apple IDs being sold on the black market -- typically, though, these are stolen by hackers, acquired through methods like phishing schemes.
Earlier this year, a group calling itself the "Turkish Crime Family" tried to hold Apple to ransom, claiming it had access to hundreds of millions of Apple accounts, and the ability to wipe iPhones and iPads. While the hackers said they were paid, Apple insisted that its servers hadn't been breached, and that the account information was "obtained from previously compromised third-party services."
The people allegedly scoured an internal Apple database for information such as Apple IDs and phone numbers, according to Engadget. Prices for the illicit data ranged from 10 to 180 yuan, or around $1.50 to $26.
Collectively the distributors made about 50 million yuan -- $7.36 million -- before police intervened. Reports haven't revealed the number of affected accounts and devices, or other important facts, such as whether there were any victims outside of China.
Apple normally prides itself on its privacy and security, which raises questions of how and why the distributors had access to the database. China has long had problems with Apple IDs being sold on the black market -- typically, though, these are stolen by hackers, acquired through methods like phishing schemes.
Earlier this year, a group calling itself the "Turkish Crime Family" tried to hold Apple to ransom, claiming it had access to hundreds of millions of Apple accounts, and the ability to wipe iPhones and iPads. While the hackers said they were paid, Apple insisted that its servers hadn't been breached, and that the account information was "obtained from previously compromised third-party services."
Comments
I received two different forms of a purported Apple message ("somebody tried to log in" and "we locked your account") last week (one in junk folder the other in inbox). Since I've had 2FA turned on since day 1, I knew these were likely phishing attempts. I checked the sender's domain and it was not apple.com.
I forward all good spoof mails to:
spam@uce.gov ,
phishing-report@us-cert.gov ,
as well as my email provider (you can google yours.). If the mail involves Apple I add
reportphishing@apple.com .
EDIT: When you have questions go to the source. The "thieves" were connected with an outside company that does marketing for Apple.That makes sense because Apple does share your personal information with 3rd parties "for marketing purposes" but not for resale obviously. So the marketers might well have access to some internal data sets and perhaps found a way to get into other data they shouldn't have. Anyway the data illegally taken and sold included phone numbers, names, associated Apple ID's and other personal information.
My guess is that it would only be Chinese users impacted, but that's not stated.