The Chinese government may be behind a hack on Apple’s cloud storage service, just as the company launches its newest phone in China.
Over the weekend, many users in the country inadvertently began giving passwords and sensitive data to hackers that may be working for the Chinese government, security analysts said.
Analysts at GreatFire, a website that monitors blocked websites in China, reported that “Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud,” referring to a type of cyberattack in which a hacker jumps in between a person and the website they are visiting, relaying messages back in forth but also picking up their data.
Responding to the attacks on Tuesday, Apple acknowledged the intrusions and unveiled a new guide for people to verify that they are securely connected to the iCloud storage service.
“Apple is deeply committed to protecting our customers’ privacy and security,” the company said on its new page. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”
The company did not indicate whether or not it believed the Chinese government was behind the hack. A spokesperson declined to comment further.
The new attack comes just as Apple releases its new operating system and as the iPhone 6 is unveiled in China.
The new iPhones are automatically encrypted to prevent anyone from accessing data without a password — a feature that has earned criticism from the FBI and other U.S. officials.
Many Apple devices automatically back up their messages, photos and contacts to the iCloud server, however, so access to that connection could give a hacker access to much of their data.
In order to protect their data, users should heed any warnings they receive from websites about digital certificates, Apple said on Tuesday, and not enter passwords at potentially unsafe sites.
Analysts have previously accused China of launching attacks against Google, Yahoo and other major tech companies.
The Chinese government has denied that it is behind the attack.
A foreign ministry spokesman told reporters that the government was “resolutely opposed” to hacking, and the state-owned Internet provider claimed the allegation was “untrue and unfounded,” according to the BBC.