Alipay says hackers used stolen Apple IDs to siphon off money

HONG KONG/BEIJING (BLOOMBERG) - Ant Financial's Alipay warned users that cyber attackers employed stolen Apple IDs to break into customers' accounts and made off with an unknown amount of cash, in a rare security breach for China's top digital payments provider.

Alipay, whose parent also operates the world's largest money market fund, said on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach.

It warned users who have linked their Apple identities to any payment services, including Tencent Holdings' WePay, to lower transaction limits to prevent further losses.

It is unclear how the attackers may have gotten the Apple IDs, which are required for iPhone users to buy content such as music from iTunes or the App Store. Apple representatives did not respond to requests and a phone call seeking comment.

"Since Apple hasn't resolved this issue, users who've linked their Apple ID to any payments method, including Alipay, WePay or credit cards, may be vulnerable to theft," Alipay said in its blogpost.

Digital payments services have become a tempting target for cyberthieves as their popularity surges around the world.

Ant Financial, which is controlled by billionaire Alibaba co-founder Jack Ma, is estimated to handle more than half of China's US$17 trillion (S$23.5 trillion) in annual online payments.

 

Formally known as Zhejiang Ant Small & Micro Financial Services Group, it has leveraged Alipay's popularity to expand into everything from asset management to insurance, credit scoring and lending. It serves more than 800 million customers.