BEIJING (Reuters) – Ant Financial’s Alipay, the operator of one of China’s top two mobile payment apps, said hackers have taken an unknown amount of money from accounts using stolen Apple Inc IDs and the issue remains unresolved despite reaching out to the U.S. giant.
Alipay said in a post on its Toutiao social media account on Wednesday that users who have linked their accounts using Apple IDs should lower transaction limits.
“Alipay has contacted Apple many times…and the issue has not been resolved,” the post said.
The breach has affected users of both Alipay and Tencent Holdings Ltd’s WeChat and some users lost up to 2,000 yuan ($288), state media outlet Xinhua said on Thursday.
A Shanghai-based spokeswoman for Apple declined to comment. Representatives for Tencent did not respond to emails or phone calls seeking comment.
Ant Financial [ANTFIN.UL] is the payment affiliate of Alibaba Group Holding Ltd.
It is not clear how many users were affected by the breach, and Alipay’s statement urged affected users to contact Apple.
The potential breach underscores the security challenges facing China’s huge mobile payments market, where WeChat and Alipay services have become ubiquitous in daily life.
It also highlights the pitfalls facing tech firms in China, where smartphone scams and personal data breaches are more common than other markets.
Apple was chastised by Chinese state media in July for the amount of spam being sent on iMessage, with media saying with the company’s strict stance on privacy was hindering its ability to crack down on illegal behavior.
The company has since said it is contact with telecom companies on how to reduce the amount of spam received through iMessage.
Apple users in China are required to link their IDs to their phone numbers, which are in turn linked to their national identification numbers. Apple Pay, while not as popular as WeChat Pay and Alipay, has also become increasingly popular in China’s large eastern cities.
For WeChat Pay and Alipay, which each have around half a billion users, breaches are rare though users are frequently warned not to send money to unidentified people using the platforms.
Reporting by Cate Cadell; Editing by Edwina Gibbs