Anime, manga, and games, with a take · A Yukimedia publication

← all stories other 1 sources · 1h ago ·

Phishing SMS Leads to Apple Account Takeover at Alcare

A single employee falling for a smishing lure can lead to irreversible account takeover and data exposure with no recovery path, as shown by the Alcare incident.

Reporting from 1 source: ASCII.jp.

Phishing SMS Leads to Apple Account Takeover at Alcare

Alcare announced on December 25, 2025 that an employee's business smartphone was compromised after the employee entered Apple Account credentials on a fake site reached via a phishing SMS. The attacker took over the account the next day, initialized the phone, and recovery is impossible. Up to 200 customer records and 400 employee records may have been leaked. The company is contacting affected parties and strengthening security.

The attacker used a standard smishing lure: a message claiming security strengthening was needed and directing the employee to a fake Apple login page. The employee entered their Apple Account credentials, and the next day the attacker changed the account information and remotely initialized the business smartphone. Alcare stated that account recovery is impossible because the security information was also altered.

Two categories of data may have been exposed: roughly 200 records of customer information (medical institution names, company names, names, phone numbers) and about 400 records of employee information (names, business phone numbers, email addresses). The company is notifying affected individuals and has engaged external experts to investigate. It is also revising its security policies and employee training to prevent recurrence.

Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.

Sources