China uncovers massive underground network of Apple employees selling customers’ personal data

ttto

Level 9
Thread author
Verified
Well-known
Sep 22, 2016
408
Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users’ personal data.

Twenty-two people have been detained on suspicion of infringing individuals’ privacy and illegally obtaining their digital personal information, according to a statement Wednesday from local police in southern Zhejiang province.
5197654927_cf1158b8a3_b.jpg

Of the 22 suspects, 20 were Apple employees who allegedly used the company’s internal computer system to gather users’ names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan (US$7.36 million).

The statement did not specify whether the data belonged to Chinese or foreign Apple customers.

Following months of investigation, the statement said, police across more than four provinces — Guangdong, Jiangsu, Zhejiang, and Fujian — apprehended the suspects over the weekend, seizing their “criminal tools” and dismantling their online network.
The suspects, who worked in direct marketing and outsourcing for Apple in China, allegedly charged between 10 yuan (US$1.50) and 180 yuan (US$26.50) for pieces of the illegally extracted data.

The sale of personal information is common in China, which implemented on June 1 a controversial new cybersecurity law aimed at protecting the country’s networks and private user information.

In December, an investigation by the Southern Metropolis Daily newspaper exposed a black market for private data gathered from police and government databases.

Reporters successfully obtained a trove of material on one colleague — including flight history, hotel checkouts and property holdings — in exchange for a payment of 700 yuan (US$100).
 
5

509322

That is because most security vendors are still debating on how to capitalize from it ;) :D

Serious personal data breaches are a topic that people should pay attention to, but it doesn't - they're out-of-their-minds panicked by the IT security press with their irresponsible reporting such as SMB and WannaCry - reporting only the scary parts, but not the details that only SMB users are at-risk. No guidance, just fear mongering. No advice like this - if you don't even know what SMB is, then you're likely not at-risk but you should check this, this and this and here is how to do it. Now everyone wants an SMB fix even when they never used, and likely never will, use SMB.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Totally agree. A few years ago I bought some makeup at a retailer which was subsequently breached. A few months later a First Class plane ticket from Beijing to Toronto showed up on my American Express card. When I reported it, they just blew it off as inconsequential- as if it happens every day, which no doubt it does. Even worse, in 2015 the Office of Personnel Management was breached by China (this was confirmed), exposing all the data they had on anyone that holds a security clearance. So a 127 page form of all aspects of my life sit on some hard drive in China.

Point is, you either have already been or will be soon breached; no fault on your part and there is absolutely nothing you can do about it.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
145
Totally agree. A few years ago I bought some makeup at a retailer which was subsequently breached. A few months later a First Class plane ticket from Beijing to Toronto showed up on my American Express card. When I reported it, they just blew it off as inconsequential- as if it happens every day, which no doubt it does. Even worse, in 2015 the Office of Personnel Management was breached by China (this was confirmed), exposing all the data they had on anyone that holds a security clearance. So a 127 page form of all aspects of my life sit on some hard drive in China.

Point is, you either have already been or will be soon breached; no fault on your part and there is absolutely nothing you can do about it.

And while I still hold my own letter on this (2 years running now) I been (and others affected) are still waiting to see in what form of some compensation besides the cheap lame monitoring service for identity theft which was offered in return for 3 years of this useless service from ID Experts.

Fact is I know that i could have personally done a much better securing of such data than that last administration's willy nilly management of DOD sensitive data and stuff like this makes me furious that they didn't have tighter control.
 

Entreri

Level 7
Verified
May 25, 2015
342
This is why I hate Win10 lack of privacy, no doubt these kind of violations occurs at M$.

Win10: Keylogger, banking passwords, MONEYYYYYYYY. Obviously OneDrive, M$ has full control. Cloud storage, lol.

AND, Apple is the company touting privacy, unlike M$ who is using the Google model now.
 
  • Like
Reactions: AtlBo and malis2007
D

Deleted member 178

This is why I hate Windows 10 lack of privacy, no doubt these kind of violations occurs at M$.

Windows 10: Keylogger, banking passwords, MONEYYYYYYYY. Obviously OneDrive, M$ has full control. Cloud storage, lol.

AND, Apple is the company touting privacy, unlike M$ who is using the Google model now.
LOOL , nothing to do with Windows 10 , are you serious? it is rogue employees, using their position to steal datas; if it was a bank, the result would be same.
 

jasonX

Level 9
Apr 13, 2012
421
Totally agree. A few years ago I bought some makeup at a retailer which was subsequently breached. A few months later a First Class plane ticket from Beijing to Toronto showed up on my American Express card. When I reported it, they just blew it off as inconsequential- as if it happens every day, which no doubt it does. Even worse, in 2015 the Office of Personnel Management was breached by China (this was confirmed), exposing all the data they had on anyone that holds a security clearance. So a 127 page form of all aspects of my life sit on some hard drive in China.

Point is, you either have already been or will be soon breached; no fault on your part and there is absolutely nothing you can do about it.
Yeah. That is the saddest part of there...sooner or later, we can all be victims of a breach. I remember when Facebook was at it's early stage and people who jumped-in never really minded what they did. Until they were victims of identity theft and then frauds..and the help from Facebook then just came in reminders before they revamping some security measures. Sooner or later it is :)
 

hirudora56

Level 1
Verified
May 16, 2017
25
The scary part is, breach like this not something one can point at some specific organisation. It is one thing that a specific company is is harvesting (stealing!) your personal data & totally different thing that some individual is stealing that same thing or more. Google knows my location & searches, I'm ok with it but I'm absolutely not ok with someone specific in the food chain accessing that data for their personal gain. Because they don't have the liability of atleast protecting some very sensitive information.
 

Isaac Paul Flaum

New Member
Jun 9, 2017
2
How do you even stop this? Some employees are always going to need to have access to customers information for troubleshooting/logistical purposes.
 

Entreri

Level 7
Verified
May 25, 2015
342
LOOL , nothing to do with Windows 10 , are you serious? it is rogue employees, using their position to steal datas; if it was a bank, the result would be same.

With Win10, M$ is collecting user data. Data breaches are likely occurring without customers knowing. M$ is actually worse than Google now, forcing third party app installations AND resetting user privacy setting after an update. There isn't anything funny about what M$ is doing.

M$ is headed in the wrong direction.

If this can happen to Apple, it can happen to M$, hell even the NSA has data theft.
 
D

Deleted member 178

With Windows 10, M$ is collecting user data. Data breaches are likely occurring without customers knowing. M$ is actually worse than Google now, forcing third party app installations AND resetting user privacy setting after an update. There isn't anything funny about what M$ is doing.
To me those a minor inconveniences compared to the benefits it gave me over win7 , i work faster , safer and more conveniently. That is all i need.
i met some software engineers and they all praised Win10.

M$ is headed in the wrong direction.
they head in the same direction, before they didn't tell it :D

If this can happen to Apple, it can happen to M$, hell even the NSA has data theft.
Sure but this what you get when you employ people. Everything is collecting datas on you, your bank, your ISP, your hospital, your doctors, websites, phones.
So collecting some telemetry from me, isn't a big deal... and i dont see yet , win10 uploading my photos or private docs and some guys posting them over the net.
 
  • Like
Reactions: frogboy and Tiny

Dean Winchestere

Level 2
Verified
Mar 9, 2017
50
Everybody, the solution is very simple. Use fake information and categorize and seperate your online life.

Use the following format:

* specific email address ONLY use for social media and use a fake name across all. NEVER USE REAL ADDRESS. Use nearby city, not actual city. ( To prevent employers and stalkers, cybertheives etc from snooping.) Set all profiles to super private. If any are "hacked" (more likely) it won't infiltrate your personal life. Never use or give out email address for ANYTHING but authentication for social media, otherwise employers and unwanted people could find your profiles.

* Use a specific email address ONLY for icloud OR android phone and associate with fake name. DO NOT USE THIS EMAIL FOR GENERAL USE, EMAIL. It is only for phone apps purchases, and the phone itself. Use 2FA. If this is hacked, (unlikely) it will be an inconvenience but not a emergency.

* Use a specific email for banking, etc. Use 2FA NEVER GIVE THIS OUT. PERIOD!

* Use an email for all general and personal email sending/receiving (forums, gaming online, giving to friends, jobs etc). use 2FA. NEVER USE REAL NAME. I suggest using a separate email address for job searching for further security. (unless you are pretty professional and want your stuff to be "found"

Make sure in all cases you NEVER reveal your name on the internet. Never give your real address on the internet. All my banks and phone bills use an old address and get statements online. Not even the DMV has my "correct address". Even if somebody tries to falsely accuse me of a crime, or I get a red light camera etc.. I can't be found easily.

The only way to protect YOURSELF is to never give real information. It will get stolen. When it does, it cannot be used to hurt you.

I used fake names on my resume until I attend the interview (IT jobs). When asked i simply say, due to the amount of identity theft and hacking of legitimate companies, it is to protect my identity and integrity. If they cannot understand the importance of this step, I will happily refuse to have a business relationship with that company. I have had companies ask for my address. I give them a false address, and update it later if hired.


Sounds paranoid, but trust me, it will keep you very safe and protect yourself. It is really sad, but it is the only way to truely be safe.

The same ideology should be used to spread your money across different banks too because if one gets hacked, you can still pay your rent.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top