Apple has confirmed that the accounts involved in recent unauthorized takeovers and fraudulent small-amount in-app purchases had been inactive for extended periods.
The compromised accounts shared a common vulnerability: they lacked two-factor authentication (2FA). Apple is now processing refunds for affected customers who experienced unauthorized content purchases.
An Apple spokesperson said on Thursday that the company believes these unauthorized transactions occurred on accounts created before two-factor authentication became mandatory, or on accounts where users had deliberately disabled 2FA. Many of the affected accounts also appear to have been dormant for a considerable time.
The representative added that the investigation found no evidence of a breach in Apple’s systems, and they are actively refunding affected customers.
Currently, Apple employs a robust two-factor authentication system for Apple ID logins. Users must enter their password along with a six-digit verification code sent to their registered devices. Additionally, the company leverages biometric authentication technologies such as Touch ID and Face ID for enhanced security.
Law enforcement reports indicate that the majority of these incidents occurred between late August and early September. Victims include customers from the three major Korean mobile carriers.
A spokesperson for the Seoul Metropolitan Police Agency stated that the agency is taking over several cases of Apple-related payment fraud reported at various districts. After initial victim interviews and preliminary measures, the cases will be transferred to its Cybercrime Division for a thorough and expedited investigation.