More iTunes Accounts Compromised by App Store Developer?

220254 itunesshot 500

Arstechnica reports on at least one other iTunes user who also claims to have been the victim of fraudulent App Store charges, possibly by a developer.

Ars reader Harper Reed contacted us to detail the problem. His account was used earlier today to purchase 34 of WiiSHii Network's apps without his permission, for a total of $168.89. The apps appear to mostly be travel guides for cities in China, and come in both English and Chinese versionsoddly enough, Reed ostensibly bought both.

Coincident with this activity which occurred today, WiiSHii's apps are also rising in the travel section suggesting that Reed's account may not have been the only one compromised. WiiSHii's apps were previously noted to be look suspicious by TheNextWeb.

The news comes soon after another report of similar fraudulent activity for another developer. In that case, Apple shut down that developer's account, reported that only 400 accounts were affected and denied that there was any compromise of Apple's iTunes servers themselves. Analysts had speculated that phishing had been the source of the account information:

"Standard phishing attacks," said Sullivan when asked to speculate on the most likely way Nguyen obtained access to the iTunes accounts. "That's much more likely than someone hacking the accounts or Apple's database," he added.

According to F-Secure's data, approximately 20% of online users use the same password across multiple accounts, so if that one password is stolen, it opens up access to all of those user's accounts. In this instance, Reed's password was apparently not an easily guessable word, but there was no indication if he used his password elsewhere on the internet.

According to one forum report, stolen iTunes account information is readily available for sale through certain Chinese web sites. If true, this means that the individuals actually stealing the accounts and those using them might not be the same. Based on the single data point, it's also impossible to say for sure the developer was behind the attacks, though they had the most to benefit. That said, it seems unlikely they will benefit from their efforts as Apple will almost certainly shut down their account if they are responsible.

Popular Stories

iOS 17

Apple Releases iOS 17.0.1 and iPadOS 17.0.1 With Bug Fixes, Plus iOS 17.0.2 for iPhone 15 Models

Thursday September 21, 2023 10:28 am PDT by
Apple today released iOS 17.0.1 and iPadOS 17.0.1 updates for the iPhone and the iPad, adding bug fixes to the new software. The iOS 17.0.1 and iPadOS 17.0.1 updates come just a few days after Apple launched iOS 17 and iPadOS 17. The software, which is build 21A340, can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. There is a...
iPhone 16 Mock Header With Dynamic Island

Skipping the iPhone 15 Pro? Here's What's Rumored for iPhone 16 Pro

Friday September 22, 2023 9:29 am PDT by
Are you skipping the iPhone 15 Pro and waiting another year to upgrade? If so, we already have some iPhone 16 Pro rumors for you. Below, we recap new features rumored for the iPhone 16 Pro models so far:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped with larger 6.3-inch and 6.9-inch displays, respectively, according to Ross Young, CEO of Display Supply Chain...
Update Your iPhone 15 to iOS 17

Warning: Update Your iPhone 15 to iOS 17.0.2 Before Transferring Data From Another iPhone

Friday September 22, 2023 6:36 am PDT by
If you are unboxing an iPhone 15, iPhone 15 Plus, iPhone 15 Pro, or iPhone 15 Pro Max today, make sure to update the device to iOS 17.0.2 before transferring data to the device from another iPhone, or else you might encounter issues. iOS 17.0.2 is only available for the iPhone 15 lineup. Apple says the update fixes an issue that may prevent transferring data directly from another iPhone...
Apple Watch Ultra 2 double tap gesture 230912

watchOS 10.1 to Enable Apple Watch's New 'Double Tap' Gesture

Thursday September 21, 2023 12:52 pm PDT by
The new Double Tap gesture for the Apple Watch Series 9 and the Apple Watch Ultra 2 will be enabled starting with watchOS 10.1, according to Marques Brownlee, host of the popular tech-focused YouTube channel MKBHD. The first beta of watchOS 10.1 will likely be available by next week, and Apple announced that the software update will be released next month. Brownlee shared his impressions...
emojipedia 15 1 emoji

Emoji Coming to Future iOS 17 Update Include Shaking Head, Brown Mushroom, Lime, Phoenix and More

Tuesday September 19, 2023 12:43 pm PDT by
As Apple was announcing new iPhone models last week, the Unicode Consortium was officially approving new emoji characters that are set to be added to smartphones starting in 2024. Mockup of new emoji from Emojipedia Approved Unicode 15.1 emoji include phoenix, lime, an edible mushroom, shaking head vertically (as in a "yes" nod), shaking head horizontally (a "no" head shake), and broken...
iPhone 15 Pro Fingerprints

Apple Says Fingerprints Can 'Temporarily Alter the Color' of iPhone 15 Pro's Titanium Frame

Thursday September 21, 2023 2:48 pm PDT by
In a support document updated today, Apple indicates that fingerprints might "temporarily alter the color" of the titanium frame on the iPhone 15 Pro and iPhone 15 Pro Max. Fortunately, Apple says this is not a permanent condition, as the fingerprints can be wiped off just like on any other iPhone to restore a clean finish. "For iPhone 15 Pro and iPhone 15 Pro Max, the oil from your skin...