Apple’s recent handover of China’s iCloud accounts to a government-run company appeared to have gone smoothly, but a deeply unsettling report related to the transition has gripped Chinese media, leading Apple to announce an investigation. According to sister publications The Paper and Sixth Tone, an Apple customer identified as “Qin” attempted to close his iCloud account ahead of the government takeover, only to have an AppleCare advisor argue with him, hack his account, and threaten to expose his personal information to teach him a lesson.
Qin’s story was originally posted on Chinese microblogging service Weibo and includes detailed text, screenshots, and even audio of one of his calls with the AppleCare advisor. In short, Qin says that he called AppleCare to close his account the day before the government-owned Guizhou-Cloud Big Data company took over Chinese iCloud account data, only to get into an argument with an Apple representative who was “really curious” why Qin didn’t “want to use Guizhou-Cloud Big Data’s service.”
The advisor then allegedly used his iCloud login information to hack his account, which contained both sensitive information and logins for other accounts. If that wasn’t bad enough, the advisor then called to blackmail Qin, saying that he would release the information if Qin didn’t comply with his demands. Qin contacted the police and Apple, both of which are investigating the incident.
After spending days going back and forth with Apple, Qin said that the company’s customer support people weren’t appropriately responsive to his requests for information about whether his account was safe, how much data had been taken from it, and who the threatening advisor was. But yesterday Apple sent the following written response (translated) to Chinese media:
We greatly respect the trust that our customers have given us, and entrust [their] personal privacy and information security to Apple. Safeguarding the privacy of users is the starting point of our system design. Any AppleCare technical advisor cannot access the customer’s password, email content and photos. We will work with this customer to investigate the incident and ensure that Apple employees and contractor teams adhere to the strict standards we set in customer contact.
Certain details remain controversial. Sina Technology News, part of the company behind Weibo, claims there is “currently no evidence” that the issue is directly related to the migration of Chinese iCloud accounts to Guizhou-Cloud Big Data, despite discussions to the contrary. Additionally, the employment status of the AppleCare advisor is somewhat unclear. The paper says the AppleCare advisor wasn’t fired by Apple but had rather resigned a month earlier and yet continued to serve customers due to an Apple transition policy for departing employees.
It’s safe to say the employee’s behavior did not reflect Apple policy or standards. However, the broader issue of AppleCare employee access to iCloud account information remains open and — based on Qin’s experience — deeply concerning. If you haven’t yet enabled two-factor authentication on your iCloud account, now would be a good time to do so.