Investigations are underway to ascertain how many of the 150 Million iTunes accounts have been hacked. Apple claims 400 but observers say it could be a lot more. Now customers are being asked to check their credit card accounts for fraudalent purchases.
Investigations are underway to ascertain how many of the 150 Million iTunes accounts have been hacked. Apple claims 400 but observers say it could be a lot more. Now customers are being asked to check their credit card accounts for fraudalent purchases.
The investigation started after Apple banned an independent developer who traded using the name Thuat Nguyen from the iTunes App Store.
The ban was implemented after complaints from several consumers who said that their accounts showed that they had purchased Vietnamese-language books from Thuat Nguyen.
In a statement issued l last week Apple said “The iTunes servers were not compromised. An extremely small percentage of users, about 400 of the 150 million iTunes users – that is less than 0.0003 per cent of iTunes users – were impacted.”
According to observers this claim does not tally after Mr Nguyen’s $4.99 applications, LP Bat Bai P6 rocketed to 50 on the US book charts in June.
By early July it had reached number 21 on the AppExplorer charts.
One developer commenting on the issue said that it took 50 downloads to get to No. 38 on that chart, so more than 1,000 purchases would have been needed to get to number 21.
Nguyen, who has 40 such applications in the top 50 is believed to have used automated technology to credit Apple accounts with a $4.99 purchase.
The Financial Times reported “The only reason this particular guy got caught is that he put 40 or 50 apps in the top 100 and cost a lot of developers real money” said Joel Feather, one of a group of successful app programmers who complained to Apple. “He got greedy – if he had been more subtle about it, he would not have been caught.”
Others said it was ridiculous to think that Mr Nguyen was the only one who might be pulling such a scam, which has called into question Apple’s reputation for strong security and practices such as its use of e-mail addresses as usernames.
“I guarantee you this isn’t the only guy,” said former FBI cybercrime agent E.J. Hilbert, who tracks fraud in online advertising for Epic Media Group. Other developers are likely to be flying below the radar by using many hacked accounts for small in-app purchases that do not send the programs onto the very visible bestseller lists, Mr Hilbert said.