Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users’ personal data.
Twenty-two people have been detained on suspicion of infringing individuals’ privacy and illegally obtaining their digital personal information, according to a statement Wednesday from local police in southern Zhejiang province.
Of the 22 suspects, 20 were Apple employees who allegedly used the company’s internal computer system to gather users’ names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan (US$7.36 million).
The statement did not specify whether the data belonged to Chinese or foreign Apple customers.
Following months of investigation, the statement said, police across more than four provinces — Guangdong, Jiangsu, Zhejiang, and Fujian — apprehended the suspects over the weekend, seizing their “criminal tools” and dismantling their online network.
See also: China users complain of iPhone 6s Plus catching fire or exploding, consumer watchdog says
The suspects, who worked in direct marketing and outsourcing for Apple in China, allegedly charged between 10 yuan (US$1.50) and 180 yuan (US$26.50) for pieces of the illegally extracted data.
The sale of personal information is common in China, which implemented on June 1 a controversial new cybersecurity law aimed at protecting the country’s networks and private user information.
In December, an investigation by the Southern Metropolis Daily newspaper exposed a black market for private data gathered from police and government databases.
Reporters successfully obtained a trove of material on one colleague — including flight history, hotel checkouts and property holdings — in exchange for a payment of 700 yuan (US$100).
Puckerberg on June 8th, 2017 at 14:20 UTC »
This is a huge problem in any industry that collects customer information. I worked at a Nextel call center. It was locked down tight, with door codes and cameras. It was common knowledge that people would apply for a job, go through 3 weeks of training, only to get onto the floor and start stealing credit cards paired with social security numbers. On my second month there, I found a thumb drive on the floor, and casually handed it to the first manager I saw walking down the hall. The place went into emergency mode while the thumb drive was analyzed on a secure laptop, and it was full of customer info. Thumbdrives were not allowed on the 'campus', neither were camera phones. You still had people writing stuff down on paper, but that was hard to hide. We had one person attempt to use Notepad but they got caught because it took too long to do it, since there was no copy/paste function, and we had floor monitors. You never knew if they were standing behind you. Also, leaving your computer unlocked 3 times, even if you were a few feet away, you were automatically terminated.
redragtoabear on June 8th, 2017 at 13:50 UTC »
Ahh this probably explains how my phone was hacked
My iCloud was logged into from an iPad in China using answers to security questions that had answers that weren't actual answers (I use a fake mothers maiden name for example, I can't remember the actual questions)
I'd never logged in online so it couldn't have been a trojan or keylogger
About 100 txt messages were sent to a Chinese number containing Chinese characters
This was about 18 months ago so it's been going on at least that long
gacorley on June 8th, 2017 at 13:35 UTC »
This is one reason to get strict privacy controls. Even if the company doesn't make a business of selling your data, some corrupt employees might steal it.