Apple has apologised over the hacking of a number of Chinese users. According to a statement obtained by the Wall Street Journal, Apple is “deeply apologetic” regarding the “inconvenience” caused to its customers.
Hackers tricked a number of users into sharing their Apple ID credentials, who then gained access to digital wallet accounts. In order to swipe funds, the scammers used Chinese mobile-payment services Alipay and WeChat connected to said accounts.
Apple urges users to enable two-factor authentication
The company has since revealed that the affected users did not have two-factor authentication enabled. The feature requires users to input a password and a code to verify their identity.
It is likely that the criminals therefore phished for vulnerable account credentials in order to steal money. As a result, Apple is urging its users to enable two-factor authentication on their accounts to protect against fraud.
Two-factor authentication greatly reduces the chance of attacks. However, Colin Brown, Identity and Access Management Delivery Lead at the BBC, told us that users fail to adopt two-factor authentication if the journey to do so is not “seamless.”
In an EM360 podcast, Brown said services like user authentication can be “really quite a challenge for users to use.” As a result, it “becomes quite difficult for non-technical users to actually employ the service in a contented way.”
“In the modern era, people are more and more used to customer side services that they use in their everyday lives being fairly seamless and straightforward to operate,” he said. “If we can’t really aspire at least to the same benchmark in enterprise services, then we all just encounter user-resistance.”
So far, this year has been ripe with data misuse and unethical practices. How has the tech industry changed as a result? Take a look at our feature on the 2018 data scandal.