What a lovely Independence Day surprise: global iTunes accounts have been compromised and used to purchase up to $600 worth of AppStore apps per account. Initially the suspicious activity pointed towards one specific developer, but has since spread to multiple developers, multiple iTunes accounts and more than the US iTunes store. The Next Web has a detailed list of the facts surrounding this breach.
- A number of iTunes have been account from across the globe, not just the US, and used to purchase apps.
- iTunes users have reported anywhere between $100-$1400 spent using their accounts.
- Many of the apps have been purchased to specifically climb up the iTunes ranking to gain momentum in the hope that others will purchase the apps based on their high sales.
- Currently all the app purchased have been owned by Asia based developers with little information known about them. Clearly they feel being based in Asia will give them immunity to any US laws.
- The developers website and support links direct users to non-existent websites or landing pages.
- The initial rogue developer’s have now been removed from the app store but other unethical developers still have their accounts available in the app store – details on those to come.
Check your iTunes purchase history and/or your online banking access to determine if your account has been compromised in this security breach. If it has, I suggest immediately contacting Apple’s iTunes customer service and your bank to dispute the charges, so that you may recover any potentially lost funds as a result of this incident.
It is not really known how widespread this security breach is, or what vector was used to facilitate the hack. The initial hack by Vietnamese developer “Thuat Nguyen” that was reported all over the blogosphere may have lead to discussion about entirely unrelated security incidents.
At this point nobody knows exactly what is going on or how all the breaches are tied together. Be on the lookout for additional information once it becomes available. In the meantime, check out your purchase history to ensure your account was not used in the breach.
