More iTunes Accounts Compromised by App Store Developer?

Ars Technica reports on at least one other iTunes user who also claims to have been the victim of fraudulent App Store charges, possibly by a developer.
Ars reader Harper Reed contacted us to detail the problem. His account was used earlier today to purchase 34 of WiiSHii Network's apps without his permission, for a total of $168.89. The apps appear to mostly be travel guides for cities in China, and come in both English and Chinese versions; oddly enough, Reed ostensibly bought both.
Coincident with this activity, which occurred today, WiiSHii's apps are also rising in the travel section, suggesting that Reed's account may not have been the only one compromised. WiiSHii's apps were previously noted to look suspicious by TheNextWeb.
The news comes soon after another report of similar fraudulent activity for another developer. In that case, Apple shut down that developer's account, reported that only 400 accounts were affected and denied that there was any compromise of Apple's iTunes servers themselves. Analysts had speculated that phishing had been the source of the account information:
"Standard phishing attacks," said Sullivan when asked to speculate on the most likely way Nguyen obtained access to the iTunes accounts. "That's much more likely than someone hacking the accounts or Apple's database," he added.
According to F-Secure's data, approximately 20% of online users use the same password across multiple accounts, so if that one password is stolen, it opens up access to all of that user's accounts. In this instance, Reed's password was apparently not an easily guessable word, but there was no indication of whether he used his password elsewhere on the internet.
According to one forum report, stolen iTunes account information is readily available for sale through certain Chinese web sites. If true, this means that the individuals actually stealing the accounts and those using them might not be the same. Based on this single data point, it's also impossible to say for sure that the developer was behind the attacks, though they had the most to gain. That said, it seems unlikely they will benefit from their efforts, as Apple will almost certainly shut down their account if they are responsible.
Top Rated Comments
Seems counter productive, from a developer's POV.
ya, stupid really. also could open up the possibility of competitors doing this to other developers to try to take them out.
arn
You need to be able to identify phishing sites/emails and use unique and strong passwords.
If you get phished, having a unique and strong password doesn't really help you...
ya, stupid really. also could open up the possibility of competitors doing this to other developers to try to take them out.
arn
Totally agree. No different than Facebook "hacking" either.
She's not unique in that, either. If this isn't fixed, Apple's reputation is going to drown. Most iPhone users love their device, but not when you can't trust Apple's supposedly secure AppStore.
Seems counter productive, from a developer's POV.
That and that it was done two out of two weeks makes me wonder if it's not the developer but someone that is trying to get them booted off. possibly both times or this time someone is copycatting knowing that Apple would boot off the developer etc.
And how many of those 400-500 folks actually changed their passwords. I bet not all of them. Add in a few new hits on phishing and such and it would be easy to pull a repeat
Apple needs to get on top of this ASAP.
these aren't brute force attacks on their servers and all the instruction in the world won't stop folks from using 'music' as a password or posting the name of that dog on the Facebook account that is linked to the same email
My mum just bought an iPhone, and she's still pretty novice at it. She's a prime target for this kind of attack.
What kind of son doesn't teach her. Or just have her use iTunes gift cards and not a credit card so that at the most, someone would get $10-15
My grandfather just started using a computer and the first thing I taught him was that the Internet is like the Wild West, it looks civilized most of the time but at any moment someone could shoot you in the back (he loves westerns so he got the reference) so caution is always in order.
Apple needs to get on top of this ASAP. My mum just bought an iPhone, and she's still pretty novice at it. She's a prime target for this kind of attack.
She's not unique in that, either. If this isn't fixed, Apple's reputation is going to drown. Most iPhone users love their device, but not when you can't trust Apple's supposedly secure AppStore.
Hello? I don't think you understand what is going on.
There is nothing wrong with AppStore's security in those cases. It is just like your credit card number being stolen and used to make a purchase at a store, it is not the store's problem and you should just contact credit card company to investigate.
You shouldn't have lost your info to someone in the first place.