App Store, Hacked. (Updated: iTunes Accounts too.)
Posted on 07/04/2010 7:02:00 PM PDT by PugetSoundSoldier
Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. The rankings in the books category of the US iTunes store feature 40 out of 50 apps by the same app developer, Thuat Nguyen.
What's more concerning is that it seems individuals' iTunes accounts have been hacked to make mass purchases of that one developer's apps.
(Excerpt) Read more at thenextweb.com ...
Thanks for the info!
Apparently the walled garden has been breached... And people are getting nailed for hundreds of dollars of app downloads.
You evil hater
Sorry, that’s GD EVIL, LYING, FUD SPREADING SINNER AGAINST APPLE to you...;)
At least I pinged Swordmaker so he can come here and tell me that I’m a liar, it’s all FUD and there is no problem. And not complain for some reason that a thread that dealt with Apple was not given to him immediately (although I don’t know the problem about that)...
Thankfully I have no credit card on file with Itunes..learned my lesson a few years ago when I had my Visa in Itunes, someone was able to steal it and made about 200 bucks worth of purchases for apps and cheesy movies
So you’re saying this isn’t a new problem?
This is why I only keep about twenty bucks in my PayPal account. :)
That's impossible, we've all been told time and again there has never been a security breach of any Apple product "in the wild"...;)
At least you won't lose money this time! And don't trust the App ratings either, since they're gamed as well, apparently...
Sounds like Apple needs a PCI audit. On average every account they’ve lost will cost slightly more than $200 to repair. That’s restitution, penalties to the card issuers, possible legal trouble from the card owners, and cost of replacing the cards.
Could be higher of course. If they’ve lost enough accounts they’ll be forced into some very expensive corrective actions.
My mother had someone clean out her bank account through Itunes a while back. Apple didn’t seem to care one way or the other but the bank cared a lot and gave her the money back and went after Itunes themselves.
Those are the actions of a company that cares more about the bottom line than the satisfaction of their customers, not a company that's supposed to "Think Different"! ;)
Not a new problem. The person who hacked into my apple account was some guy in China..I called Visa right away and canceled the card. This crap isn’t new..happens all the time. I don’t buy anything from Itunes anymore
My mother bought a news report about trucking to write an article with some of the info. Several months later she started getting hit with major purchases of music downloads she never bought.
She got it straightened out but it was with no help from apple or itunes.
Yep. But from post 13, it sounds like Apple will say “screw you” and ignore it, let the credit card company come after them. Just like a cold, calculating “bottom line oriented corporation”, not a caring entity.
Funny, I claimed that a week ago in another thread and was pilloried for it. Now we see that, in fact, Apple cares more about the bottom line than a given user’s satisfaction or experience. They’ll only care about an issue if it becomes large enough to affect enough users in a significant enough manner to threaten their profitability.
Apple: Think Different (about us; while we’re the same dollar-driven bastards as the rest of the industry we rail against, we still want you to ignore that and consider us blameless in all things)
It wasn’t hacked, you are just holding iTunes wrong.
Is there a $30 rubber band I can buy that will secure my iTunes account?
All companies that accept credit cards have agreements with the card companies. Penalties for stuff like this start at $500,000 dollars. Technically Apple is required to report incidents like this but they probably do it on an individual account basis thereby avoiding the repercussions.
“It wasn’t hacked, you are just holding iTunes wrong.”
LOL you owe me a new keyboard.
While the credit union shouldn’t have allowed it to happen, they at least made it right and helped her set it up so no purchases from iTunes could be made without the bank calling her first.
Also a good statement on credit unions.
The only way you should ever buy anything online:
Get a credit card that allows you to create virtual cards with dollar and time limits.
No need for that, just don’t use a debit card. Review all charges to credit cards every month.
How is that easier or safer?
Well, like mnehring said, it’s obviously the user who’s using iTunes wrong, it’s not Apple’s fault!
I wonder if tomorrow we’ll see a bunch of open Apple headcount recs for IT security experts...;)
It’s easier because you don’t have the hassle of the temp accounts. It’s just as safe because either way your exposure is limited to $50 and even that is usually waived.
Either way you are responsible for reviewing your charges and disputing fake ones.
I had someone buy something on my itunes account about a month ago. Some weird rap song that I would never have purchased. They did it through Paypal. I disputed the charge and it was put back into my account. I didn’t really think anything of it at the time as it was for only $1.29 but it ticked me off enough to dispute the charge.
“I wonder if tomorrow we’ll see a bunch of open Apple headcount recs for IT security experts...;)”
I’ll send them an unsolicited proposal for a PCI audit. Might just cause a few problems when I bring my windows test machine in to scan their environment. :)
Could have been a mistake, could have been a test transaction. Sometimes they’ll try small transactions first to see if the account is valid.
Maybe you don’t understand what a virtual card is and does.
When I want to purchase something online, from a value of $1.00 to thousands, I log in to my credit card account, in one minute I create a one time use number filled with a monetary value and expiration date I desire. I use it.
I don’t care if it’s hacked, traded, whatever, I don’t have to ever care, it’s useless to anyone after that one purchase.
How long before Apple blames Microsoft...
App Store and iTunes Store users' accounts are being charged for fraudulent purchases. Regardless of how this is being done, watch your email for purchase receipts from Apple for items you didn't buy and check your recent purchase history at Apple. If you find suspicious activity, notify both Apple and your credit card company and/or your bank immediately!
Thanks to PugetSoundSoldier for the post and heads up Ping!
If you want on or off the Mac Ping List, Freepmail me.
Tweedle Dee and Tweedle Dumb. Guess which one you are.
Wow, I wonder how they hacked the accounts. What’s worse is that there’s an incentive to hack to raise one’s apps to the top of the list.
The Mac OS? The iTunes app? The Apple applications online store? PayPal? The credit card accounts?
Bit-sniffing over public wireless connections?
Gotta know specifics on where the hole is before attempting to patch it.
You know, Puget, your protests that you aren't anti-Apple would ring a lot truer if you weren't quite so giggly and gleeful in your posts about problems relating to Apple. But you have the right to do so, and I'm not telling you to stop. Just sayin', you give yourself away.
OTOH, it's not fair to prejudge what Swordmaker's reaction will be. He's brought a fair number of Apple's failures to FR threads.
Your taunt is just trying to start a fight. At the moment, you are trolling. And I think even in your glee you will have to admit that.
So please cut it out. It's unworthy. Thank you.
In fact I see that Swordmaker has posted a comment that is supportive of the thread concern, and he thanks you for the thread post. You might want to offer him a (small) apology for judging wrongly.
By the way, is this problem corroborated anywhere else, or is it just one blog post? I'm just starting to read about it, so I don't have perspective yet.
I appreciate your comments; however, history is that - even if proven correct - I will still be condemned by most as an Apple hater. Even when I prove my case, they will refuse to recant their charges of liar and FUD spreader. And thus I claim those labels as trophies of their refusal to be honest.
I must admit, I am surprised Swordmaker didn’t burst in with a “FUD” charge first, as has happened every other time, even when my posts are completely accurate and truthful. Perhaps he’s learning that just because I post something that he thinks is negative towards Apple, it does not make it false.
As a few other FReepers have posted above, iTunes accounts have been hacked before, and apparently are being hacked again.
So far I've seen articles on CNet and Engadget, and they all reference the TNW blog.
I don't see any corroboration, just parroting.
Not that that weakens the report -- but corroboration will make it stronger.
This story was reported many hours ago on Apple sites. You’re late to the party.
What are you? An apple hater or a non-Apple product lover?
I'm willing to bet this is real, and that Apple will admit to it eventually, but not immediately.
>>> Even when I prove my case, they will refuse to recant their charges of liar and FUD spreader.
Broken clocks are occasionally right and blind squirrels stumble upon nuts.
Fanboys, of all stripes, tend to be blind to the failings of their chosen gods. They're not just bowing to Apple -- Microsoft doesn't attract them like before Vista, but I'm sure you remember the guys for whom Microsoft could do no wrong, and for whom everybody else was full of sh*t. Apple fanboys make me crazy, but no crazier than Windows fanboys did in their day.
> I must admit, I am surprised Swordmaker didn't burst in with a FUD charge first, as has happened every other time, even when my posts are completely accurate and truthful. Perhaps he's learning that just because I post something that he thinks is negative towards Apple, it does not make it false.
Spoken like a gentleman. :) (Obscure Monty Python ref.)
> As a few other FReepers have posted above, iTunes accounts have been hacked before, and apparently are being hacked again.
Yep, I think it's pretty clear somebody figured out a way to game the system and clean money from other people's accounts.
This has the aspect of yet another black eye for Apple, and it's totally their own, not AT&T's or anybody else's baby.
It also seems, the more I read on it, that this has been around for quite some time as a problem (not new today, anyway).
See posts 8 and 13, above, at least for the iTunes breaches. I’m sure we’ll see the TNW article backed up, there’s already quite a bit of talk on other tech sites like slashdot.
See posts 41 and 43; perhaps now you understand why I wear their insults as a badge of honor... Even when 100% correct I must be wrong, or at least 2nd place.
Who ever said that?
The only thing I know of that sounds like that is the claim that there are no self-replicating viruses "in the wild" for OS-X. That is, all known malware for OS-X requires operator cooperation ("Please download and execute this code"), or physical access to the machine (in which case all bets are off for -any- product).
I personally do not know of any self-replicating viruses for OS-X, so you may have seen me make that claim for OS-X's security.
But to say that anybody claims "that there has never been a security breach of any Apple product" is really out there. They must not know about Mac OS 9 and prior. If you can come up with an FR post where somebody wrote that statement, I'll join you in your derision of them.
That's a promise, Puget.
I'll ping Swordmaker to this comment, since being the Apple thread master, he may know of someone who made such a claim.
“I’m willing to bet this is real, and that Apple will admit to it eventually, but not immediately.”
I’m sure they were stunned to find that your account never had as much in it as they had been reporting to you, but in a few weeks they will update your account with the new lower value.
Looks like the Slashdot post is also based on TNW's blog post.
If this is the result of a hack of iTunes itself (somebody busted iTunes security), then it's very bad for Apple. OTOH, if somebody got a bunch of iTunes account credentials some other way than through iTunes (say, through a separate phishing campaign), it's still not good but the headline "iTunes hacked" is no longer quite accurate.
I'll be interested to see which way it ends up.
HAHA!! LOL. Good one.