Fraudulent apps dominated the sales ranks in iTunes, taking advantage of hacked accounts to rake in thousands in purchases.  (Source: The Next Web)

YouTube was also attacked this weekend, thanks to a vulnerability in the commenting system.  (Source: Fortune)
Ring of rogue developers reportedly steal thousands from users, Apple keeps quiet on mess

According to a story that TheNextWeb broke over the holiday weekend, hundreds, if not thousands, of iTunes accounts have been hacked, and a variety of methods were used to ring up hundreds of dollars in fraudulent iTunes app store and music charges.

One developer, Thuat Nguyen, apparently used the stolen accounts to propel his apps into 40 of the top 50 spots in the iTunes iBook section.  The apps -- mostly three series of books called Conan, Vien Ngoc Rong, and Thuy Hu -- retailed for $4.99 apiece and have since apparently been removed from the app store by Apple.

Other apps -- the Charismaist app, Wishii Network apps (which dominated 29 of the top 50 iPad Travel app spots), and developer Storm 8's apps -- reportedly have also been involved in the scheme. 

Some users report lesser sums -- around $150.  Others report losing around $600.  One user even reports, "Unlike what others have reported, we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music. Again, Apple did nothing to help but give the password reset advice and removing of the credit card info."

Some users report getting a couple of small purchases, then being hit with a single extortionate purchase for a $90 or more app.

Apple reportedly has a mixed track record when it comes to the problems.  One iTunes user, redguitarfreak, posts on Twitter, "someone hacked my iTunes account info and downloaded about 120 bucks worth of apps.  Got it all back though!"

Another Twitter user, YourNYDreamHome, reports a less fortunate experience, stating, "I'm ready to shoot someone at iTunes.  Someone hacked my account and spent 100s of $s and they won't let me talk to a REAL PERSON.  Augh!!"

Apple has not officially responded to the problems.  It's unclear at this point how the hackers obtained the iTunes account passwords.  For the time being, it's recommended that iTunes users remove credit card numbers from their accounts (using gift cards instead) and change their passwords to something more secure, such as a long passphrase.

In separate, perhaps unrelated news, the internet's top video site, YouTube, was also hacked over the holiday weekend.  Hackers discovered that content enclosed in <script> tags at the beginning of a comment post would be put onto the page, allowing redirects to shock pages, malware redirects, and obnoxious visual effects.  Justin Bieber videos were reportedly among the first to be hit.

Some are blaming the hackers at the message board 4chan for the attacks because of posts made referencing attacks to come over the weekend.  It is unclear, though, exactly who masterminded the majority of the attacks on YouTube.

Google has responded to this issue, saying that it disabled comments temporarily while fixing the issue.  A spokesperson states, "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We're continuing to study the vulnerability to help prevent similar issues in the future."

Updated 7/6/2010 @ 11:34 am

Apple has released an official statement regarding the iTunes breach, according to Engadget:

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns. 

Developers do not receive any iTunes confidential customer data when an app is downloaded. 

If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.

Copyright 2016 DailyTech LLC.