Last week, Apple faced criticism from two of China’s biggest payment platforms that claimed that thieves were using compromised Apple IDs to swipe the funds in individual user accounts. Today, the iPhone maker is owning up to the allegations and offering an apology, according to The Wall Street Journal.
In a statement, Apple says that a “small number” of people had their accounts compromised due to phishing scams and that those users had not enabled two-factor authentication on their accounts. “We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple said in a statement.
The payment companies, Alipay and WeChat Pay, announced last week that hackers had gained access to some users’ payment accounts. It wasn’t until Apple’s statement today that it was disclosed that the Apple ID accounts were compromised due to a phishing scam. After account login details were revealed, the hackers then used the accounts to make purchases through the apps, spending as much as 2,000 yuan ($290 USD).
The companies did not disclose how many users were hacked, the total amount of money stolen, or offer deeper insight into the hack. Apple said last week that it would refund the money users lost, according to a source familiar with the matter.