Chinese consumer group demands Apple compensate stolen Apple ID owners

The China Consumer Association is calling on Apple to fully compensate people who lost money as a result of stolen iCloud accounts, arguing the company is downplaying a recent security breach.

"Apple should not shift the blame, play down its own safety issues and divert consumers' attention," the group said according to Reuters. The issue is said to be generating heavy media attention, ranking as one of the most popular topics on social network Weibo.

In apologizing for the incident earlier this week, Apple claimed that a "small number of our users' accounts were accessed through phishing scams where two-factor authentication was not enabled," placing responsibility on the victims. Affected people had money stolen from their Alipay accounts, and Apple noted that it saw a surge in "false and fraudulent refund claims trying to take advantage of this incident."

Apple declined to comment further on the Reuters report, referring back to its earlier comments, in which it noted that it was talking to "relevant consumer agencies and listening to customer feedback about those changes."

Apple has yet to say exactly how many people were impacted by the matter, and how much money was lost. Social media posts, though, suggest that some people lost hundreds of dollars.

Comments

  • Reply 1 of 26
    wood1208 Posts: 1,616 member
    How in the world is it Apple's fault if users don't read the user agreement? Use 2-factor authentication, don't use Apple ID to log into shady sites, use Apple Pay. But Apple is not a Chinese company, so why not skim? Such incidents bring out fraudulent claims and lawyers to benefit.
    edited October 19
  • Reply 2 of 26
    Mhob Posts: 1 member
    Apple needs to make the Horses drink. 2FA should no longer be an opt-in. It should be required.
  • Reply 3 of 26
    lkrupp Posts: 6,447 member
    Mhob said:
    Apple needs to make the Horses drink. 2FA should no longer be an opt-in. It should be required. 
    On the Apple discussion forums there’s a constant stream of posts asking how to turn off 2 factor authentication because it’s inconvenient. When told they cannot they go ballistic. The ‘horses’ are never satisfied with anything.
  • Reply 4 of 26
    lkrupp Posts: 6,447 member
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
  • Reply 5 of 26
    Time to appease the Chinese. Apple is great at this.
  • Reply 6 of 26
    linkman Posts: 847 member
    Having Apple pay for people being victims of phishing would be like banks repaying those victimized by Nigerian 419 scams.
  • Reply 7 of 26
    Yeah, let's not go after the phishers, go after the people whose advice about how to avoid the phishers you ignored.  Makes perfect sense.
  • Reply 8 of 26
    gatorguy Posts: 19,319 member
    lkrupp said:
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
    The articles I had read didn't say it had been shown to be a phishing scheme that led to it AFAICT, instead that it wasn't yet determined how it happened. Apple did say that none of the affected accounts had 2FA enabled so the assumption would be that users themselves were primarily to blame, but I don't think Apple themselves had said how the account credentials had actually been accessed.
  • Reply 9 of 26
    Mhob said:
    Apple needs to make the Horses drink. 2FA should no longer be an opt-in. It should be required. 
    If this technologically illiterate consumer group presses their case in court, there is no doubt that two-factor authentication will become a requirement of Apple users, like it or not. Then the next goal will be 3FA.

    This is what is colloquially known as "Wetware Error", PEBCAK ("Problem Exists Between Chair And Keyboard"), and professionally known as Social Engineering. It has nothing-at-all to do with Apple's responsibilities. There is no shifting of blame here. I'm astonished that Apple's lawyers allowed the company to apologize as there is nothing to apologize for! Instead, what Apple is doing is pointing out that they too find PHISHING (the actual catalyst of the problem, not Apple) to be unacceptable and in need of further preventative measures.

    I use 2FA. Apple has stumbled/bumbled a bit as they got used to 2FA. But Apple has refined it very reasonably and very safely of late. Adding security to any system will always compromise Ease Of Use. Convenience vs Security is forever a compromise.

    As for my part, since 1998 I've reported my spam to spamcop.net. Anyone can do it for free. I've usually donated to them as well. Additionally, I forward ALL Apple phishing attempts directly to Apple via their kindly provided phishing report email address: reportphishing@apple.com . You're welcome, China.

    Many companies, such as Apple, gratefully accept reports of phishing spam attacks. Some even sent thank you notes! (Hello PayPal and LinkedIn!) A few companies make the reporting of phishing difficult. (*Grumble* Google and Yahoo!) Too many companies don't care and either ignore the problem or tell you to go elsewhere. The fact is that the very best place to report phishing is directly to the company being phished. If a company is blowing off phishing reports, complain to them about their bad, careless, self-destructive attitude, if you can.
  • Reply 10 of 26
    gatorguy Posts: 19,319 member
    As for my part, since 1998 I've reported my spam to spamcop.net. Anyone can do it for free. I've usually donated to them as well. Additionally, I forward ALL Apple phishing attempts directly to Apple via their kindly provided phishing report email address: reportphishing@apple.com . You're welcome, China.

    Many companies, such as Apple, gratefully accept reports of phishing spam attacks. Some even sent thank you notes! (Hello PayPal and LinkedIn!) A few companies make the reporting of phishing difficult. (*Grumble* Google and Yahoo!) Too many companies don't care and either ignore the problem or tell you to go elsewhere. 
    Nice post! Well done sir. 

    To better understand phishing and Google:
    https://support.google.com/mail/answer/8253?hl=en
    If using GMail simply manually moving a suspected phishing email into your spam folder reports it to Google. IMO Google also does an admirable job of detecting many phishing emails so that the user is never exposed to them to begin with. 

    Prompted in part by a very short-lived (approx. 1hr) but could have been very dangerous phishing scheme last May Google rolled out stronger protections for all Google account holders within the week.  Enterprise/GSuite admins in particular were given tools earlier this year to harden their systems against malware and phishing schemes. 
    https://www.bleepingcomputer.com/news/google/google-deploys-new-anti-phishing-and-malware-detection-features-for-g-suite-users/
    https://www.engadget.com/2017/05/06/google-explains-phishing-scam-defense/
    edited October 19
  • Reply 11 of 26
    steven n. Posts: 1,067 member
    gatorguy said:
    lkrupp said:
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
    The articles I had read didn't say it had been shown to be a phishing scheme that led to it AFAICT, instead that it wasn't yet determined how it happened. Apple did say that none of the affected accounts had 2FA enabled so the assumption would be that users themselves were primarily to blame, but I don't think Apple themselves had said how the account credentials had actually been accessed.
    Typical, behind the 8-ball as usual.

    https://www.wsj.com/articles/apple-deeply-apologetic-over-account-hacks-in-china-1539690961?mod=rss_Technology
  • Reply 12 of 26
    magman1979 Posts: 1,066 member
    Are you F'ing KIDDING ME??? These people are idiots for not securing their accounts properly, were stupid enough to fall for phishing scams, and now want APPLE to PAY for THEIR IDIOCY???

    O...M...F...G...

    I'm truly losing all hope for Humanity...
  • Reply 13 of 26
    gatorguy Posts: 19,319 member
    steven n. said:
    gatorguy said:
    lkrupp said:
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
    The articles I had read didn't say it had been shown to be a phishing scheme that led to it AFAICT, instead that it wasn't yet determined how it happened. Apple did say that none of the affected accounts had 2FA enabled so the assumption would be that users themselves were primarily to blame, but I don't think Apple themselves had said how the account credentials had actually been accessed.
    Typical, behind the 8-ball as usual.

    (LOL https://forums.appleinsider.com/discussion/comment/3099730/#Comment_3099730 )

    https://www.wsj.com/articles/apple-deeply-apologetic-over-account-hacks-in-china-1539690961?mod=rss_Technology
    "At the time, it wasn’t clear how the login credentials were obtained, but Apple later said  (in their apology) that it was through a phishing attack on Apple ID owners who did not have two-factor authentication (2FA)  enabled."

    Thanks.
    edited October 19
  • Reply 14 of 26
    gatorguy said:
    steven n. said:
    gatorguy said:
    lkrupp said:
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
    The articles I had read didn't say it had been shown to be a phishing scheme that led to it AFAICT, instead that it wasn't yet determined how it happened. Apple did say that none of the affected accounts had 2FA enabled so the assumption would be that users themselves were primarily to blame, but I don't think Apple themselves had said how the account credentials had actually been accessed.
    Typical, behind the 8-ball as usual.

    https://www.wsj.com/articles/apple-deeply-apologetic-over-account-hacks-in-china-1539690961?mod=rss_Technology
    "At the time, it wasn’t clear how the login credentials were obtained, but Apple later said  (in their apology) that it was through a phishing attack on Apple ID owners who did not have two-factor authentication (2FA)  enabled."

    Thanks.
    Phishing Apple accounts is very old news, well known within the Mac security community. Recall the brazen revelation of naked celebrity photos on the net over a period of years. The chatter was all about how hackers broke into users' accounts and stole their photos. Nope! There never was any hacking involved. All of it was due to phishing. They did eventually catch the main guy responsible and toss him in jail. That incident inspired Apple to get serious about 2FA. But again, they had nothing to apologize for. It was simply more Wetware Error.

    And note that Apple phishing spam has become remarkably sophisticated. The ongoing crop uses fake purchase notifications, such as users having been charged to join Apple Music. They post a link where users can go if they disagree with the charge. THAT is the phishing link. What's at the other end looks remarkably like you're contacting Apple to complain about the charge you never requested. Hand over your ID, password, charge method and they got you. If you're not paying attention, it's easy to fall for it. But it's NOT Apple's fault.
  • Reply 15 of 26
    gatorguy Posts: 19,319 member
    gatorguy said:
    steven n. said:
    gatorguy said:
    lkrupp said:
    So these people fell for phishing scams, didn’t care about their account security, and now want Apple to make them whole? I thought crap like this only happens in the U.S. where everybody is a victim and a survivor of someone or some corporation. 
    The articles I had read didn't say it had been shown to be a phishing scheme that led to it AFAICT, instead that it wasn't yet determined how it happened. Apple did say that none of the affected accounts had 2FA enabled so the assumption would be that users themselves were primarily to blame, but I don't think Apple themselves had said how the account credentials had actually been accessed.
    Typical, behind the 8-ball as usual.

    https://www.wsj.com/articles/apple-deeply-apologetic-over-account-hacks-in-china-1539690961?mod=rss_Technology
    "At the time, it wasn’t clear how the login credentials were obtained, but Apple later said  (in their apology) that it was through a phishing attack on Apple ID owners who did not have two-factor authentication (2FA)  enabled."

    Thanks.
    Phishing Apple accounts is very old news, well known within the Mac security community. Recall the brazen revelation of naked celebrity photos on the net over a period of years. The chatter was all about how hackers broke into users' accounts and stole their photos. Nope! There never was any hacking involved. All of it was due to phishing. They did eventually catch the main guy responsible and toss him in jail. That incident inspired Apple to get serious about 2FA. But again, they had nothing to apologize for. It was simply more Wetware Error.

    And note that Apple phishing spam has become remarkably sophisticated. The ongoing crop uses fake purchase notifications, such as users having been charged to join Apple Music. They post a link where users can go if they disagree with the charge. THAT is the phishing link. What's at the other end looks remarkably like you're contacting Apple to complain about the charge you never requested. Hand over your ID, password, charge method and they got you. If you're not paying attention, it's easy to fall for it. But it's NOT Apple's fault.
    It certainly is not. We agree.
  • Reply 16 of 26
    A Chinese consumer group? Baloney. I don’t believe such a group would be allowed to exist in China unless the PRC was behind it to use as a propaganda or blackmailing tool against Western (or any non-Chinese) companies in China.
    edited October 19
  • Reply 17 of 26
    Rayz2016 Posts: 4,343 member
    gatorguy said:
    As for my part, since 1998 I've reported my spam to spamcop.net. Anyone can do it for free. I've usually donated to them as well. Additionally, I forward ALL Apple phishing attempts directly to Apple via their kindly provided phishing report email address: reportphishing@apple.com . You're welcome, China.

    Many companies, such as Apple, gratefully accept reports of phishing spam attacks. Some even sent thank you notes! (Hello PayPal and LinkedIn!) A few companies make the reporting of phishing difficult. (*Grumble* Google and Yahoo!) Too many companies don't care and either ignore the problem or tell you to go elsewhere. 
    Nice post! Well done sir. 

    To better understand phishing and Google:
    https://support.google.com/mail/answer/8253?hl=en
    If using GMail simply manually moving a suspected phishing email into your spam folder reports it to Google. IMO Google also does an admirable job of detecting many phishing emails so that the user is never exposed to them to begin with. 

    Prompted in part by a very short-lived (approx. 1hr) but could have been very dangerous phishing scheme last May Google rolled out stronger protections for all Google account holders within the week.  Enterprise/GSuite admins in particular were given tools earlier this year to harden their systems against malware and phishing schemes. 
    https://www.bleepingcomputer.com/news/google/google-deploys-new-anti-phishing-and-malware-detection-features-for-g-suite-users/
    https://www.engadget.com/2017/05/06/google-explains-phishing-scam-defense/
     Working overtime after the G+ breach I see.


  • Reply 18 of 26
    Rayz2016 Posts: 4,343 member
    I had an email from Warren Buffett the other day.

    Apparently he's going into hospital for treatment and this has led him to appraise some aspects of his life. To this end, he'd like to give me $1.5 million that I can distribute to any charity that I deem to be worthy.

    Anyone else see that one?

    Sounds genuine.


  • Reply 19 of 26
    gatorguy Posts: 19,319 member
    Rayz2016 said:
    gatorguy said:
    As for my part, since 1998 I've reported my spam to spamcop.net. Anyone can do it for free. I've usually donated to them as well. Additionally, I forward ALL Apple phishing attempts directly to Apple via their kindly provided phishing report email address: reportphishing@apple.com . You're welcome, China.

    Many companies, such as Apple, gratefully accept reports of phishing spam attacks. Some even sent thank you notes! (Hello PayPal and LinkedIn!) A few companies make the reporting of phishing difficult. (*Grumble* Google and Yahoo!) Too many companies don't care and either ignore the problem or tell you to go elsewhere. 
    Nice post! Well done sir. 

    To better understand phishing and Google:
    https://support.google.com/mail/answer/8253?hl=en
    If using GMail simply manually moving a suspected phishing email into your spam folder reports it to Google. IMO Google also does an admirable job of detecting many phishing emails so that the user is never exposed to them to begin with. 

    Prompted in part by a very short-lived (approx. 1hr) but could have been very dangerous phishing scheme last May Google rolled out stronger protections for all Google account holders within the week.  Enterprise/GSuite admins in particular were given tools earlier this year to harden their systems against malware and phishing schemes. 
    https://www.bleepingcomputer.com/news/google/google-deploys-new-anti-phishing-and-malware-detection-features-for-g-suite-users/
    https://www.engadget.com/2017/05/06/google-explains-phishing-scam-defense/
     Working overtime after the G+ breach I see.


    Did you learn anything? That's what the post was for.

    As for Google+ what breach are you speaking of? Perhaps you mistook a software flaw that could have potentially exposed some user data as a data breach? Hey, it's a common mistake. 
    :)

    but bad Google nonetheless... 


    edited October 19
  • Reply 20 of 26
    A Chinese consumer group? Baloney. I don’t believe such a group would be allowed to exist in China unless the PRC was behind it to use as a propaganda or blackmailing tool against Western (or any non-Chinese) companies in China.
    If you look at previous complaints by the China Consumer Association, it's pretty ironic how they only target foreign companies in China. 