Tencent said on Friday that its popular messaging app WeChat — with over 600 million users — was hacked through a security flaw, but has since been patched.
No user data or money held in Tenpay ewallets, which allow users in China to purchase goods and services from right inside the app, was stolen, the company said after a preliminary investigation.
“A security flaw was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw, based on an external hack attempt, has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store,” Tencent wrote in a blog posting.
It offered some “important points about the situation,” included in their own words below:
The flaw, described in recent media reports, only affects WeChat v6.2.5 for iOS. Newer versions of WeChat (versions 6.2.6 or greater) are not affected.
A preliminary investigation into the flaw has revealed that there has been no theft of users’ information or money, but the WeChat team will continue to closely monitor the situation.
The WeChat tech team has extensive experience combating attempts to hack our systems. Once the security flaw was discovered, the team immediately took steps to secure against any theft of user information and reported the incident to relevant law enforcement.
Users who encounter any issues can contact the team by leaving feedback in the “WeChat Team” WeChat account.
At the end of August, British police warned of a scam on WeChat that attempted to trick users into purchasing gift cards or online shopping credits in return for offline sexual services.
Worryingly, there is also no shortage of videos and posts online about how to hack WeChat accounts.
Meanwhile, CNBCreported last month that mobile messaging apps including WeChat were being used for malicious purposes, allowing hackers to “steal sensitive information and send it back to a remote server.”