20 Apple employees were selling users' data on the black market

by Olivia Morelli - - 2017-06-09

Chinese authorities have issued a public announcement which revealed that a total of 22 people had been arrested for the alleged trading of users’ personal data on the black market ^[1]. Apart from a couple of individuals, all detainees were working for the official distributors of Apple services and products throughout the provinces of Guangdong, Jiangsu and Fujian. These undercover thieves have been consistently leaking large amounts of Apple users’ data including user names, phone numbers, Apple IDs and other sensitive information and selling it to the unknown third parties online. The data would sell for 2 to 27 dollars a piece. According to the primary calculations, the criminal could have made over 50 million yuan which equals around 7 million in US dollars ^[2]. The investigation has not yet revealed whether this hefty amount of money was received from trading only the Chinese user data or the extent of the theft is worldwide.

Image illustrating Apple breach

Criminals accessed the users’ data via internal systems

While Apple always accentuates their concern with user privacy, the security breach has revealed some issues within the company’s internal structure itself. The suspects have been using Apple’s internal system to access users’ personal data and transfer it to the potential buyers. The truth is that the basic information about customers is freely available to the employees working in a variety positions at the Apple company. The multimillion company has hundreds of stores distributing the production across the world, so it is only natural that the head administration can hardly validate the reliability of all the staff having access to client data. Time will show whether these events will trigger any changes in the company.

Breach aftermath: what can you do to protect your data?

The police already shut down the illegal network through which the stolen user data was distributed. Unfortunately, tracking down where the purchased will be used next is virtually impossible. In the worst case scenario, the hackers may apply the information to crack Apple ID passwords and brute-force their way into victims' Apple service accounts such as App Store, iCloud, iMessage, etc. Security experts have a few suggestions how to lessen the chances of this happening:

protect your Apple ID accounts with strong passwords. Make sure the password consists of no less than 8 characters and includes letters, numbers and symbols;
enable security questions. Think of questions which only you could know the answers to;
set up two-step verification. This is an extra layer of protection you can add while signing in to your Apple account.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

References

^ Harry Domanski. Apple employees caught selling user data in underground Chinese racket. Techradar. The source for tech buying advice.
^ Alfred Ng. Apple suppliers accused of selling iPhone user data in China. Cnet. Product reviews, how-tos, deals and the latest tech news.