Chinese tech giant Alibaba warned users on Wednesday that they could be at risk from making cashless transactions or paying bills with its Alipay application on Apple gadgets, stressing that the security loophole was not the fault of its app but of the US firm.

An Apple security breach was blamed by Alibaba for a recent string of thefts after some disgruntled Alipay users complained that their accounts had been marauded.

Alibaba warned that using online payment apps – either Alipay or WeChat Pay from its rival Tencent – bound to an Apple ID could run the risk of losing money if the security and encryption of the ID were compromised.

Alibaba said it had contacted Apple multiple times to express concern and the US company was working on a security update. As a stopgap measure, users should lower transaction limits or disable autopay that skips verification by the account holder, it said.

It is not clear how many users have been affected by the breach, and an Alipay statement urged affected users to contact Apple.

Apple’s Shanghai branch reportedly said it would fix the issue in the next iOS update but could not help users get their money back.

There have been reports in China that some iPhone users found suspicious transactions involving thousands of yuan on their Alipay apps after their Apple IDs were stolen and were used to make purchases on another Apple device.

Smartphone scams and personal data breaches are more common in China than in other markets.

Apple was chastised by Chinese state media in July for the astronomical amount of spam messages being sent via its iMessage app, ranging from deceitful loans and Macau casino ads to requests for financial help from people claiming to be students or sexy women.