China arrests 22 suspects for selling Apple user data on black market

Posted:
in iPhone
Police in the coastal Chinese province of Zhejiang have arrested 22 Apple distributors, accusing them of reselling iPhone user data to anyone willing to pay.




The people allegedly scoured an internal Apple database for information such as Apple IDs and phone numbers, according to Engadget. Prices for the illicit data ranged from 10 to 180 yuan, or around $1.50 to $26.

Collectively the distributors made about 50 million yuan -- $7.36 million -- before police intervened. Reports haven't revealed the number of affected accounts and devices, or other important facts, such as whether there were any victims outside of China.

Apple normally prides itself on its privacy and security, which raises questions of how and why the distributors had access to the database. China has long had problems with Apple IDs being sold on the black market -- typically, though, these are stolen by hackers, acquired through methods like phishing schemes.

Earlier this year, a group calling itself the "Turkish Crime Family" tried to hold Apple to ransom, claiming it had access to hundreds of millions of Apple accounts, and the ability to wipe iPhones and iPads. While the hackers said they were paid, Apple insisted that its servers hadn't been breached, and that the account information was "obtained from previously compromised third-party services."

Comments

  • Reply 1 of 7
    ZooMigoZooMigo Posts: 33member
    This should serve as a good reminder. If you have not yet enabled two-factor authentication, do it now. Last week I received messages of two attempts to log into my icloud account. Wasn't me.
    seanismorriswatto_cobrairelandlostkiwi
  • Reply 2 of 7
    boboliciousbobolicious Posts: 597member
    ...does this all route back to the premise of the app store introduced in 10.6...? All data roads lead to Apple...? Live by the sword... MacOS Pro ? owncloud.org ?
  • Reply 3 of 7
    MacProMacPro Posts: 18,359member
    These were Apple distributors?  As in official Apple distributors / dealers?  If so then that's just horrible, people maybe had equipment in for repair?  I'd like to read some more in depth details of just how this took place.
    robertwalterlostkiwi
  • Reply 4 of 7
    "…how and why the distributors had access to the database." Could that be because the Chinese government requires access to the database to protect itself from criticism? Cook warned the FBI that could happen here if forced to hack iOS for them in the San Bernardino iPhone 5c case.
    lostkiwi
  • Reply 5 of 7
    ZooMigo said:
    This should serve as a good reminder. If you have not yet enabled two-factor authentication, do it now. Last week I received messages of two attempts to log into my icloud account. Wasn't me.
    Warning to those w/o 2FA enabled.

    I received two different forms of a purported Apple message ("somebody tried to log in" and "we locked your account") last week (one in junk folder the other in inbox). Since I've had 2FA turned on since day 1, I knew these were likely phishing attempts. I checked the sender's domain and it was not apple.com. 

    I forward all good spoof mails to:
    [email protected] ,
    [email protected] ,
    as well as my email provider (you can google yours.). If the mail involves Apple I add 
    [email protected] .
    edited June 2017 HBW1
  • Reply 6 of 7
    gatorguygatorguy Posts: 20,932member
    MacPro said:
    These were Apple distributors?  As in official Apple distributors / dealers?  If so then that's just horrible, people maybe had equipment in for repair?  I'd like to read some more in depth details of just how this took place.
    They were reportedly 3rd party distributors so how and why they had access to Apple internal data isn't explained yet. But seeing as they were selling users credentials for a piddling sum yet took in over $7M doing so (at least the ones they've caught) that's a fair number of Apple users. 

    EDIT: When you have questions go to the source. The "thieves" were connected with an outside company that does marketing for Apple.That makes sense because Apple does share your personal information with 3rd parties "for marketing purposes" but not for resale obviously.  So the marketers might well have access to some internal data sets and perhaps found a way to get into other data they shouldn't have. Anyway the data illegally taken and sold included phone numbers, names, associated Apple ID's and other personal information.

    My guess is that it would only be Chinese users impacted, but that's not stated. 
    edited June 2017
Sign In or Register to comment.