BABA Alibaba Group Holding Limited

By Yoko Kubota 

BEIJING-- Apple apologized over the hacking of some Chinese accounts in phishing scams, almost a week after it emerged that stolen Apple IDs had been used to swipe customer funds.

In its English statement Tuesday, Apple said it found "a small number of our users' accounts" had been accessed through phishing scams. "We are deeply apologetic about the inconvenience caused to our customers by these phishing scams," Apple said in its Chinese statement.

The incident came to light last week when Chinese mobile-payment giants Alipay and WeChat Pay said some customers had lost money.

The victims of the scams, Apple said Tuesday, hadn't enabled so-called two-factor authentication--a setting that requires a user to log in with a password and a freshly-generated code to verify their identity.

The Cupertino, Calif.-based company didn't specify how many users were hit or how much money was stolen, nor did it offer details about how the hackers acquired the users' Apple IDs and passwords. To help prevent unauthorized access to their accounts, Apple said, people should enable two-factor authentication.

An Apple ID refers to the account used to access Apple services such as its App Store and iCloud. It includes information such as the user's email address, password and payment details, according to Apple's website.

China is a key market for Apple and the fraud is the latest challenge it is facing in an area where its share of the smartphone market has been treading water.

As the U.S.-China trade battle escalates, Apple is particularly exposed--most of its products are assembled in China. Still, it has so far avoided a major hit and there have been no signs of boycotts of American goods, though some major U.S. brands are vulnerable should tensions ramp up.

The hacking incident received broad media coverage in China, including detailed reports by state broadcaster CCTV that included victims saying they lost money to App Store purchases they didn't make. The broadcaster urged the companies to be more responsive.

Many consumers in China connect their Apple accounts to online-payment systems, including those run by Alipay, the payments affiliate of e-commerce giant Alibaba Group Holding Ltd., and WeChat Pay, owned by rival Tencent Holdings Ltd.

A spokesman for Alipay, owned by Ant Financial Services Group, said the company had no additional comments beyond the previous online warning. Tencent didn't immediately respond to a request for comment.

Apple has come under recent scrutiny in China over its approach to data privacy and security. In February, Apple started shifting the iCloud accounts of its China-based customers to the servers of a state-owned local partner, a move made to comply with Chinese law. It has also said it would store the encryption keys for those accounts in a secure location in China while retaining control over them.

Yang Jie in Beijing and Stella Yifan Xie in Hong Kong contributed to this article.

Write to Yoko Kubota at yoko.kubota@wsj.com

(END) Dow Jones Newswires

October 16, 2018 08:10 ET (12:10 GMT)

Copyright (c) 2018 Dow Jones & Company, Inc.