Chinese consumer group demands Apple compensate stolen Apple ID owners
The China Consumer Association is calling on Apple to fully compensate people who lost money as a result of stolen iCloud accounts, arguing the company is downplaying a recent security breach.
![Apple store](https://apple.insidercdn.com/gallery/28158-43295-applestore-beijingcookdidi-l.jpg)
"Apple should not shift the blame, play down its own safety issues and divert consumers' attention," the group said according to Reuters. The issue is said to be generating heavy media attention, ranking as one of the most popular topics on social network Weibo.
In apologizing for the incident earlier this week, Apple claimed that a "small number of our users' accounts were accessed through phishing scams where two-factor authentication was not enabled," placing responsibility on the victims. Affected people had money stolen from their Alipay accounts, and Apple noted that it saw a surge in "false and fraudulent refund claims trying to take advantage of this incident."
Apple declined to comment further on the Reuters report, referring back to its earlier comments, in which it noted that it was talking to "relevant consumer agencies and listening to customer feedback about those changes."
Apple has yet to say exactly how many people were impacted by the matter, and how much money was lost. Social media posts, though, suggest that some people lost hundreds of dollars.
Comments
This is what is colloquially known as "Wetware Error", PEBCAK ("Problem Exists Between Chair And Keyboard"), and professionally known as Social Engineering. It has nothing-at-all to do with Apple's responsibilities. There is no shifting of blame here. I'm astonished that Apple's lawyers allowed the company to apologize as there is nothing to apologize for! Instead, what Apple is doing is pointing out that they too find PHISHING (the actual catalyst of the problem, not Apple) to be unacceptable and in need of further preventative measures.
I use 2FA. Apple has stumbled/bumbled a bit as they got used to 2FA. But Apple has refined it very reasonably and very safely of late. Adding security to any system will always compromise Ease Of Use. Convenience vs Security is forever a compromise.
As for my part, since 1998 I've reported my spam to spamcop.net. Anyone can do it for free. I've usually donated to them as well. Additionally, I forward ALL Apple phishing attempts directly to Apple via their kindly provided phishing report email address: reportphishing@apple.com . You're welcome, China.
Many companies, such as Apple, gratefully accept reports of phishing spam attacks. Some even sent thank you notes! (Hello PayPal and LinkedIn!) A few companies make the reporting of phishing difficult. (*Grumble* Google and Yahoo!) Too many companies don't care and either ignore the problem or tell you to go elsewhere. The fact is that the very best place to report phishing is directly to the company being phished. If a company is blowing off phishing reports, complain to them about their bad, careless, self-destructive attitude, if you can.
To better understand phishing and Google:
https://support.google.com/mail/answer/8253?hl=en
If using GMail, simply manually moving a suspected phishing email into your spam folder reports it to Google. IMO Google also does an admirable job of detecting many phishing emails so that the user is never exposed to them to begin with.
Prompted in part by a very short-lived (approx. 1hr) but could-have-been-very-dangerous phishing scheme last May, Google rolled out stronger protections for all Google account holders within the week. Enterprise/GSuite admins in particular were given tools earlier this year to harden their systems against malware and phishing schemes.
https://www.bleepingcomputer.com/news/google/google-deploys-new-anti-phishing-and-malware-detection-features-for-g-suite-users/
https://www.engadget.com/2017/05/06/google-explains-phishing-scam-defense/
https://www.wsj.com/articles/apple-deeply-apologetic-over-account-hacks-in-china-1539690961?mod=rss_Technology
O...M...F...G...
I'm truly losing all hope for Humanity...
Thanks.
And note that Apple phishing spam has become remarkably sophisticated. The ongoing crop uses fake purchase notifications, such as users having been charged to join Apple Music. They post a link where users can go if they disagree with the charge. THAT is the phishing link. What's at the other end looks remarkably like you're contacting Apple to complain about the charge you never requested. Hand over your ID, password, charge method and they got you. If you're not paying attention, it's easy to fall for it. But it's NOT Apple's fault.
Apparently he's going into hospital for treatment and this has led him to appraise some aspects of his life. To this end, he'd like to give me $1.5 million that I can distribute to any charity that I deem to be worthy.
Anyone else see that one?
Sounds genuine.
As for Google+ what breach are you speaking of? Perhaps you mistook a software flaw that could have potentially exposed some user data as a data breach? Hey, it's a common mistake.
but bad Google nonetheless...
So how did these spammers become aware that our email address was associated with an Apple ID? It was not just a coincidence. I have many, many email addresses that have never been associated with Apple and don't receive such spam. But as soon as I create an Apple account with one, it starts getting spammed.
I hope Apple is aware of this, because it's very bad.