WeChat hacked through ‘security flaw,’ no user data or money stolen

Tencent said on Friday that its popular messaging app WeChat — with over 600 million users — was hacked through a security flaw, but has since been patched.

No user data or money was stolen from Tenpay eWallets, which allow users in China to purchase goods and services from right inside the app, the company said after a preliminary investigation.

“A security flaw was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw, based on an external hack attempt, has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store,” Tencent wrote in a blog posting.

It offered some “important points about the situation,” included below:

1. The flaw, described in recent media reports, only affects WeChat v6.2.5 for iOS. Newer versions of WeChat (versions 6.2.6 or greater) are not affected.
2. A preliminary investigation into the flaw has revealed that there has been no theft of users’ information or money, but the WeChat team will continue to closely monitor the situation.
3. The WeChat tech team has extensive experience combating attempts to hack our systems. Once the security flaw was discovered, the team immediately took steps to secure against any theft of user information and reported the incident to relevant law enforcement.
4. Users who encounter any issues can contact the team by leaving feedback in the “WeChat Team” WeChat account.

At the end of August, British police warned of a scam on WeChat that attempted to trick users into purchasing gift cards or online shopping credits in return for offline sexual services.

Worryingly, there is also no shortage of videos and posts online about how to hack WeChat accounts.

Meanwhile, CNBC reported last month that mobile messaging apps — including WeChat — were being used for malicious purposes, allowing hackers to “steal sensitive information and send it back to a remote server.”

The issue of hacking has been highly topical in the tech industry over the past month, with Ashley Madison’s chief executive stepping down after the “affairs” website for married people suffered a major hack and data leak.

Even more recently, on September 9, New York health insurer Excellus BlueCross BlueShield was hacked, exposing data from more than 10 million members.

You can grab the latest (updated September 12) version of WeChat for iOS here..