中国支付公司称,小偷正通过苹果ID盗刷余额
China's two largest digital payments services, Alipay and WeChat Pay, have warned that thieves are using compromised Apple IDs to make purchases with people's accounts. Alipay posted a warning offering "security tips about Apple phones," which said that it had contacted Apple many times with hope of solving the issue, according to Reuters. Tencent, which owns WeChat Pay, later confirmed similar issues in a statement to Bloomberg.
支付宝和微信支付是中国规模最大的两种数字支付服务,它们都警告称:小偷正利用受攻击的苹果ID账号购买商品。路透社报道,支付宝发文警告"有关苹果手机的安全提示",称其已经多次联系苹果公司以解决这一问题。微信支付是腾讯旗下的一种支付方式,而后来腾讯向彭博社发表的一份声明也证实了类似问题的存在。
"Since Apple hasn't resolved this issue, users who've linked their Apple ID to any payments method, including Alipay, WePay, or credit cards, may be vulnerable to theft," Alipay wrote, according to Bloomberg's translation.
关于支付宝的发文,彭博社的译文如下:"在苹果公司没有完全解决这个问题之前,无论您的Apple ID绑定了哪种支付方式(包括支付宝、微信支付或者信用卡),都可能出现资金损失风险。"
It's not stated how widespread the issue is or how much money has been lost due to the thefts. Reuters reports that a Chinese state media outlet said some losses were as high as 2,000 yuan, or about $290 USD. Apple plans to refund money that was fraudulently spent, according to a source familiar with the matter.
文中并未说明这个问题的普遍性,也没有提及盗刷造成的损失数额。路透社报道,中国的一家官方媒体称,有些人的损失高达2000元(约290美元)。熟悉此事的消息源称,苹果公司计划将这笔欺诈性消费退还给用户。
Though the two companies are calling out Apple, it's not clear if the issue is specific to a flaw in its ID system. It sounds as though there has been a problem with the theft of Apple ID credentials, which thieves are then using to log in to Apple accounts and make purchases using associated payments methods, like Alipay and WeChat Pay.
尽管这两家公司都在喊话苹果公司,但目前尚不清楚该问题是否与苹果公司的身份识别系统存在缺陷有关。听起来好像是由于苹果ID被盗所致,也就是说小偷会登录用户的苹果账号,然后通过绑定的支付方式(如支付宝和微信支付)进行消费。
An Apple spokesperson said the company encourages customers to set a strong password and enable two-factor authentication to secure their accounts. Still, it's unusual to see large tech companies calling one another out like this, particularly over an issue that may not be exclusive to Apple. Alipay has since removed its social media post calling out Apple, though not before the story spread across state and international media.
苹果公司的发言人表示,公司鼓励用户设置保密强度高的密码,并启用双因素身份验证来保护账号安全。尽管如此,一家大型科技公司如此喊话另一家公司的场面并不多见,而且苹果公司可能并不是导致这一问题的唯一原因。支付宝已经删除了其喊话苹果公司的社交媒体贴,但这是在中国国内和国际媒体都知道这件事情之后的事了。
Some companies are proactive about searching out leaked account credentials, checking them against their own databases and then resetting passwords and warning users if they find a match. It's unclear if Apple does this, but it speaks to the broader issue companies like Apple face: it's not just their own sites and apps that need to be secure; they have to worry about common accounts and passwords being leaked from other sources as well.
有些公司主动搜索泄露的账户证书,并根据自己的数据库进行检查,然后重置密码,若出现相同的密码会弹出警告,提醒用户。目前尚不清楚苹果公司是否这样做了,但这一现象表明苹果这样的公司还面临着一个更广泛的问题:不仅需要保证自己网站和应用程序的安全性,而且还得担心其它来源泄露常见账号和密码的可能性。