Third party distributors made millions in trade of user data.
Chinese authorities have arrested 22 individuals who were trading in iPhone user’s information. This information included iPhone user’s Apple ID’s and phone numbers, and was sold on the black market for anywhere from the equivalent of $1.50 to $26. All together these criminals made more than $7.36 million before their arrest. Even at top dollar, that is a lot of users affected.
The criminals responsible for this were not hackers, but Apple distributors. Engadget reports that they were probably third party distributors, which makes the crime even odder. These third party Apple distributors were able to search an internal Apple database to collect sensitive user data.
At this point it is unknown exactly how many users are affected, and where these users might be located. Are they only Chinese customers or worldwide? At this point, we don’t know, and I’m not sure we’ll ever really know the extent of those affected. Apple is generally not very forthcoming with information about security breaches.
My question is, how did this happen? Apple claims to be concerned about user’s security. So concerned that they are willing to ignore lawful requests for user information, and are more than willing to make a very public show on fighting those requests. This is of course something I have long claimed to be nothing but a marketing ploy on Apple’s part. However, if Apple is going to make a stance such as that, how is it that third party distributors would have this much access to user information. Why would third party distributors even need access to user’s phone numbers and Apple ID’s?