Apple has always been proud of its stringent protocols that protect the privacy of its users. CEO Tim Cook even mentioned that privacy was a fundamental human right and that they are determined to keep their customer’s data safe. However, a slew of arrests in China seems to reveal that Apple may not have everything under control. Despite its strict protocols, there will always be those who are willing to risk their freedom to infringe on the privacy of others for profit.
Data-trading network
According to a recent post by the Cangnan Security Bureau, authorities have apparently arrested 22 suspects, which include 20 employees from domestic “Apple direct-sales companies and contractors.” There wasn’t any clarification if these individuals were directly employed by Apple or if they are employees of Apple’s supply chain.
The suspects have been accused of stealing and selling User Data for millions of dollars in an underground data-trading ring. The data includes names, Apple IDs, phone numbers, and other personal information. According to reports, each transaction would earn the suspects anywhere from $2 to $27 per sale. All in the all, the Apple insiders are estimated to have earned over 50 million Yuan, or roughly $7.36 million within the Trading Network.
How they did it
Authorities have revealed that the data thieves actually had legitimate access to the internal servers and databases where user data were stored. It would have been very easy for them to bypass any security checks and then hack the systems to acquire the data.
The acquired data would then be sold to interested parties within the underground network.
Around 22 #Apple Distributors in China Arrested for Selling Customers’ Data in $7.4 Million on Black Markets https://t.co/ADto5CLLun pic.twitter.com/Q42yHWkcPQ
— Wang Wei (王偉) (@security_wang) June 9, 2017
String of arrests
According to the Chinese state media, authorities began to investigate the underground data trading ring sometime around January of this year.
The investigation was instigated by reports of black market trading with Apple user data. After having gathered enough evidence through different operations, authorities began raiding several locations across Guangdong, Jiangsu and Fujian provinces in early May. The raids produced several incriminating evidence including stolen credit cards, computers, hard drives, and smartphones.
The 22 suspects, whose identities have yet to be disclosed, are currently under criminal detention while the investigation continues. It has not yet been made clear if the user data that were stolen included users outside of China. Apple also has not yet issued a statement regarding the recent arrests.