Some accounts were hacked in China last week through phishing scams. The stolen Apple IDs were later used to “to swipe customer funds”, the Wall Street Journal reports. Almost a week later, Apple acknowledged in an English statement that “a small number of our users’ accounts” were affected by the phishing scam.

In a Chinese statement the iPhone-maker said it was “deeply apologetic about the inconvenience caused to our customers by these phishing scams”. The incident surfaced last week when Chinese mobile-payment firms Alipay and WeChat acknowledged that some of their users were losing money.

Apple said that those affected didn’t have two-factor authentication enabled. This requires any log in with authentic credentials to be backed up by a randomly generated code. Despite admitting the incident’s existence, Apple did not mention how many users were affected or how much money they have lost. However, Apple strongly encourages its users to enable two-factor authentication.