More iTunes Accounts Compromised by App Store Developer? - MacRumors
Skip to Content

More iTunes Accounts Compromised by App Store Developer?

220254 itunesshot 500

Arstechnica reports on at least one other iTunes user who also claims to have been the victim of fraudulent App Store charges, possibly by a developer.

Ars reader Harper Reed contacted us to detail the problem. His account was used earlier today to purchase 34 of WiiSHii Network's apps without his permission, for a total of $168.89. The apps appear to mostly be travel guides for cities in China, and come in both English and Chinese versionsoddly enough, Reed ostensibly bought both.

Coincident with this activity which occurred today, WiiSHii's apps are also rising in the travel section suggesting that Reed's account may not have been the only one compromised. WiiSHii's apps were previously noted to be look suspicious by TheNextWeb.

The news comes soon after another report of similar fraudulent activity for another developer. In that case, Apple shut down that developer's account, reported that only 400 accounts were affected and denied that there was any compromise of Apple's iTunes servers themselves. Analysts had speculated that phishing had been the source of the account information:

"Standard phishing attacks," said Sullivan when asked to speculate on the most likely way Nguyen obtained access to the iTunes accounts. "That's much more likely than someone hacking the accounts or Apple's database," he added.

According to F-Secure's data, approximately 20% of online users use the same password across multiple accounts, so if that one password is stolen, it opens up access to all of those user's accounts. In this instance, Reed's password was apparently not an easily guessable word, but there was no indication if he used his password elsewhere on the internet.

According to one forum report, stolen iTunes account information is readily available for sale through certain Chinese web sites. If true, this means that the individuals actually stealing the accounts and those using them might not be the same. Based on the single data point, it's also impossible to say for sure the developer was behind the attacks, though they had the most to benefit. That said, it seems unlikely they will benefit from their efforts as Apple will almost certainly shut down their account if they are responsible.

Popular Stories

Apple 2026 Back to School Graphic

Apple's 2026 Back to School Offer Just Went Live in Select Countries

Wednesday July 15, 2026 11:48 am PDT by
Apple's annual Back to School promotion is now live in select countries in Asia, including China, India, Malaysia, the Philippines, Singapore, Taiwan, Thailand, and Vietnam. The offer provides college students and educational staff with a free item with the purchase of an eligible Mac or iPad model. The exact offer varies by country, with options including a pack of four AirTags, AirPods 4,...
iphone 17 cyber

Apple Closes Unlocked iPhone Loophole for T-Mobile and Verizon Financing

Wednesday July 15, 2026 3:20 pm PDT by
Carrier-financed iPhones purchased from Apple will soon be locked to the carrier, ending a workaround customers used to purchase an unlocked iPhone on a payment plan. Until the rule change, buying an iPhone from Apple and opting for financing through Verizon or T-Mobile meant you would get an iPhone not locked to either carrier's network. That's no longer the case, and now iPhones financed...
ipad mini 7 feature red and blue

New iPad Mini With Four Upgrades Reportedly Launching by October

Thursday July 16, 2026 7:16 am PDT by
Apple is planning to release a new iPad mini model with an OLED display by October this year, according to Bloomberg's Mark Gurman. Apple already updated the iPad Pro with an OLED display in May 2024, but the iPad mini, iPad Air, and entry-level iPad are all still equipped with LCD screens. The move to OLED technology would result in the next iPad mini offering improved image quality, thanks ...