Bloomberg:

Ant Financial’s Alipay and Tencent Holdings Ltd. warned that cyber-attackers employed stolen Apple IDs to break into customers’ accounts and made off with an unknown amount of cash, in a rare security breach for China’s top digital payments providers.

Alipay, whose parent also operates the world’s largest money market fund, said on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach. It warned users that’ve linked their Apple identities to any payment services, including Tencent’s WePay, to lower transaction limits to prevent further losses. Tencent said in a separate statement it too had noticed the cyber-heist and reached out to the iPhone maker.

And:

It’s unclear how the attackers may have gotten their hands on the Apple IDs, which are required for iPhone users that buy content such as music from iTunes or the app store. Apple representatives haven’t responded to requests and phone calls seeking comment.

As always, I take stories like this with a grain of salt. But this does not strike me as simple alarmist reporting. Clearly, there’s an underlying problem. But is the core of the issue about stolen Apple IDs? Lack of security on the part of those customers? A problem with the Alipay/WePay/Apple ID mechanism? Is this issue restricted to China?

Looking forward to hearing an official take from Apple.