Alipay Says Hackers Used Stolen Apple IDs to Siphon Off Money

(Bloomberg) -- Ant Financial’s Alipay warned users that cyber-attackers employed stolen Apple IDs to break into customers’ accounts and made off with an unknown amount of cash, in a rare security breach for China’s top digital payments provider.

Alipay, whose parent also operates the world’s largest money market fund, said on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach. It warned users that’ve linked their Apple identities to any payment services, including Tencent Holdings Ltd.’s WePay, to lower transaction limits to prevent further losses.

It’s unclear how the attackers may have gotten the Apple IDs, which are required for iPhone users that buy content such as music from iTunes or the app store. Apple representatives didn’t respond to requests and a phone call seeking comment.

“Since Apple hasn’t resolved this issue, users who’ve linked their Apple ID to any payments method, including Alipay, WePay or credit cards, may be vulnerable to theft,” Alipay said in its blogpost.

Digital payments services have become a tempting target for cyber-thieves as their popularity surges around the world. Ant Financial, which is controlled by billionaire Alibaba co-founder Jack Ma, is estimated to handle more than half of China’s $17 trillion in annual online payments. Formally known as Zhejiang Ant Small & Micro Financial Services Group, it’s leveraged Alipay’s popularity to expand into everything from asset management to insurance, credit scoring and lending. It serves more than 800 million customers.

To contact Bloomberg News staff for this story: Lulu Yilun Chen in Hong Kong at ychen447@bloomberg.net;Gao Yuan in Beijing at ygao199@bloomberg.net

©2018 Bloomberg L.P.

With assistance from Editorial Board