Reports of 'App Store Hacked' Greatly Exaggerated

Earlier today a report on TheNextWeb claimed that the App Store had been hacked and that a rogue developer had gamed the system by artificially driving sales to their eBooks. The rise in ranks were noted by competing developers who thought the rise strange given that the books all represented poorly coded Vietnamese-based books.
A couple of reviews left on one of the books revealed that at least two customers had their iTunes accounts compromised to purchase the books. This led to theories that a widespread attack specifically tied to this developer could be the cause of the rise in ranks. Which then led to a cascade of headlines suggesting that everyone's iTunes account was suddenly vulnerable to a coordinated attack. While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.
The Book category in which we found these apps (note, they've been pulled from the App Store) is one of the lowest trafficked categories in the App Store. Based on sales reports we've received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account (unlikely), the actual number of accounts involved are minuscule compared to the 100 million active iTunes accounts.
Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed. However, this issue has been ongoing for years and we're not convinced there has been a major spike in activity. iTunes accounts are easy targets since they are so common. In our forums we have had a running thread on the topic since January 2008. A few reports appear every few months. There do seem to be a higher number of reports arising the past day or two of other iTunes accounts being hacked. It's certainly possible there has been an acute rise in the past few days, but the added press coverage will certainly attract more stories. Meanwhile, a blog post from 2009 similarly attracted a number of "me too" reports. The cause of the iTunes accounts to be compromised are almost certainly due to phishing attempts and the like rather than any insecurity on Apple's iTunes, itself.
It's still a good idea to make sure your accounts are safe, and especially important to make sure you have good (and different) passwords on all your sensitive accounts. Common mistakes include easy to guess passwords and shared passwords across multiple accounts.
Top Rated Comments
(View all)25 months ago
Hopefully someone hacks in again and starts adding more iPad apps....
edit: Chaz UK, how'd you get a Dell Streak?
edit: Chaz UK, how'd you get a Dell Streak?
25 months ago
Must have been a slow news day if all sites have to report on are a few phished iTunes accounts
25 months ago
Hopefully someone hacks in again and starts adding more iPad apps....
edit: Chaz UK, how'd you get a Dell Streak?
The streak has been out for a few weeks in the U.K! :)
25 months ago
Hacked iTunes accounts could make for some big bucks in the App Store which is probably why they did it.
25 months ago
The security and unhackability of Apple systems has been greatly exaggerated.
[ Read All Comments ]

Our sister-site TouchArcade notes that Chillingo's excellent physics puzzler Feed Me Oil is free today for both the iPhone and iPad. It's normally $0.99 for iPhone and $1.99 for iPad....
Several years ago, Comcast began instituting bandwidth caps of 250GB per month on its residential customers. In 2008, this was plenty for most customers, but with the advent of streaming video...
Reuters reports that China Mobile Chairman Xi Guohua has once again publicly stated that the world's largest mobile phone carrier is engaged in talks with Apple about offering the iPhone to its...
Apple has filed a motion to dismiss in a case filed by customers over alleged misleading advertising depicting the Siri technology in the iPhone 4S. The lawsuit, filed in March, alleges that...
The American Customer Satisfaction Index (ASCI) today released its latest rankings of customer satisfaction in the United States for mobile phones and a number of products and services, with the new...