More iTunes Accounts Compromised by App Store Developer?

220254 itunesshot 500

Arstechnica reports on at least one other iTunes user who also claims to have been the victim of fraudulent App Store charges, possibly by a developer.

Ars reader Harper Reed contacted us to detail the problem. His account was used earlier today to purchase 34 of WiiSHii Network's apps without his permission, for a total of $168.89. The apps appear to mostly be travel guides for cities in China, and come in both English and Chinese versionsoddly enough, Reed ostensibly bought both.

Coincident with this activity which occurred today, WiiSHii's apps are also rising in the travel section suggesting that Reed's account may not have been the only one compromised. WiiSHii's apps were previously noted to be look suspicious by TheNextWeb.

The news comes soon after another report of similar fraudulent activity for another developer. In that case, Apple shut down that developer's account, reported that only 400 accounts were affected and denied that there was any compromise of Apple's iTunes servers themselves. Analysts had speculated that phishing had been the source of the account information:

"Standard phishing attacks," said Sullivan when asked to speculate on the most likely way Nguyen obtained access to the iTunes accounts. "That's much more likely than someone hacking the accounts or Apple's database," he added.

According to F-Secure's data, approximately 20% of online users use the same password across multiple accounts, so if that one password is stolen, it opens up access to all of those user's accounts. In this instance, Reed's password was apparently not an easily guessable word, but there was no indication if he used his password elsewhere on the internet.

According to one forum report, stolen iTunes account information is readily available for sale through certain Chinese web sites. If true, this means that the individuals actually stealing the accounts and those using them might not be the same. Based on the single data point, it's also impossible to say for sure the developer was behind the attacks, though they had the most to benefit. That said, it seems unlikely they will benefit from their efforts as Apple will almost certainly shut down their account if they are responsible.

Popular Stories

iOS 16

Apple Releases iOS 16.4 With New Emoji, Safari Web Push Notifications, Beta Changes, Voice Isolation for Calls and More

Monday March 27, 2023 10:03 am PDT by
Apple today released iOS 16.4, the fourth major update to the iOS 16 operating system that initially came out last September. iOS 16.4 comes two months after the launch of iOS 16.3, an update that added Security Keys for Apple ID. iOS 16‌.4 and iPadOS 16.4 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. It can take a few minutes...
iOS 16

iOS 16.4 Will Add These 8 New Features to Your iPhone

Sunday March 26, 2023 8:06 am PDT by
Following nearly six weeks of beta testing, iOS 16.4 is expected to be released to the public as soon as this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and...
apple mixed reality headset concept by david lewis and marcus kane

Some Apple Employees Seriously Concerned About Mixed-Reality Headset as Announcement Draws Closer

Sunday March 26, 2023 8:25 am PDT by
Some Apple employees are concerned about the usefulness and price point of the company's upcoming mixed-reality headset, The New York Times reports. Apple headset concept by David Lewis and Marcus Kane Initial enthusiasm around the device at the company has apparently become skepticism, according to eight current and former Apple employees speaking to The New York Times. The change of tone...
iOS 17 on Phone Feature

Gurman: iOS 17 to Provide Several 'Most Requested Features'

Sunday March 26, 2023 6:05 am PDT by
Apple changed the strategy for iOS 17 later in its development process to add several new features, suggesting that the update may be more significant than previously thought, Bloomberg's Mark Gurman reports. In January, Gurman said that iOS 17 could be a less significant update than iPhone updates in previous years due to the company's intense focus on its long-awaited mixed-reality...
apple tv 4k red image

Apple Releases tvOS 16.4 for Apple TV 4K and Apple TV HD

Monday March 27, 2023 10:00 am PDT by
Apple today released tvOS 16.4, the fourth major point update to the tvOS 16 operating system that came out last September. Available for the Apple TV 4K and Apple TV HD, tvOS 16.4 comes two months following the release of tvOS 16.3. The tvOS 16.4 update can be downloaded over the air through the Settings app on the ‌‌‌‌Apple TV‌‌‌‌ by going to System > Software Update....
Steve Jobs Theater dusk

Apple Reportedly Demoed Mixed-Reality Headset to Executives in the Steve Jobs Theater Last Week

Sunday March 26, 2023 5:53 am PDT by
Apple showcased its mixed-reality headset to the company's top 100 executives in the Steve Jobs Theater last week, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that the "momentous gathering" is a "key milestone" ahead of the headset's public announcement planned for June. The event was intended to rally Apple's top members of...
Apple Music Classical

Apple Explains Why It Launched an iPhone App Dedicated to Classical Music

Monday March 27, 2023 8:54 pm PDT by
Apple today published a support document explaining why it decided to release a standalone Apple Music Classical app for classical music. In short, Apple says the app was designed to support classical music's complex metadata:Classical music is different. It has longer and more detailed titles, multiple artists for each work, and hundreds of recordings of well-known pieces. The Apple Music...
iPhone 15 Pro Buttons CAD Leak

iPhone 15 Pro Low-Energy Chip to Allow Solid-State Buttons to Work When Device is Off or Out of Battery

Wednesday March 29, 2023 1:54 am PDT by
The iPhone 15 Pro and Pro Max will use a new ultra-low energy microprocessor allowing certain features like the new capacitive solid-state buttons to remain functional even when the handset is powered off or the battery has run out, according to a source that shared details on the MacRumors forums. CAD-based render of new solid-state buttons on iPhone 15 Pro models The source of this rumor is ...