macrumors bot
Original poster
Apr 12, 2001
63,481
30,714





Earlier today a report on TheNextWeb claimed that the App Store had been hacked and that a rogue developer had gamed the system by artificially driving sales to their eBooks. The rise in ranks was noted by competing developers who thought the rise strange given that the books all represented poorly coded Vietnamese-based books.

A couple of reviews left on one of the books revealed that at least two customers had their iTunes accounts compromised to purchase the books. This led to theories that a widespread attack specifically tied to this developer could be the cause of the rise in ranks. Which then led to a cascade of headlines suggesting that everyone's iTunes account was suddenly vulnerable to a coordinated attack. While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.

The Book category in which we found these apps (note, they've been pulled from the App Store) is one of the lowest trafficked categories in the App Store. Based on sales reports we've received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account, the actual number of accounts involved is minuscule compared to the 100 million active iTunes accounts.

Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed. However, this issue has been ongoing for years and we're not convinced there has been a major spike in activity. iTunes accounts are easy targets since they are so common. In our forums we have had a running thread on the topic since January 2008. A few reports appear every few months. There does seem to be a higher number of reports arising in the past day or two of other iTunes accounts being hacked. It's certainly possible there has been an acute rise in the past few days, but the added press coverage will certainly attract more stories. Meanwhile, a blog post from 2009 similarly attracted a number of "me too" reports.

It's still a good idea to make sure your accounts are safe, and especially important to make sure you have good (and different) passwords on all your sensitive accounts. Common mistakes include easy-to-guess passwords and shared passwords across multiple accounts.

Article Link: Reports of 'App Store Hacked' Greatly Exaggerated
 

ChazUK

macrumors 603
Feb 3, 2008
5,393
25
Essex (UK)
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

I just hope whoever gets targeted in these attacks gets their money back. :(
 

adamvk

macrumors 65816
Oct 29, 2008
1,308
0
Phoenix, AZ
Hopefully someone hacks in again and starts adding more iPad apps....

edit: Chaz UK, how'd you get a Dell Streak?
 

JoeG4

macrumors 68030
Jan 11, 2002
2,841
518
mhmmm just a few hundred people have been ripped off, no big deal.
:rolleyes:
 

mikemac11

macrumors newbie
Jun 22, 2010
15
0
Must have been a slow news day if all sites have to report on is a few phished iTunes accounts
 

ChazUK

macrumors 603
Feb 3, 2008
5,393
25
Essex (UK)
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

adamvk said:
Hopefully someone hacks in again and starts adding more iPad apps....

edit: Chaz UK, how'd you get a Dell Streak?

The streak has been out for a few weeks in the U.K! :)
 

DipDog3

macrumors 65816
Sep 20, 2002
1,191
812
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7)

Hacked iTunes accounts could make for some big bucks in the App Store which is probably why they did it.
 

abhibeckert

macrumors 6502
Jun 2, 2007
429
592
Cairns, Australia
A couple of weeks ago a family friend was bitten by fraudulent transactions in iTunes, over $300+ worth.

They were refunded, but I wonder if this is more widespread than the article implies? A whole bunch of illegal credit card transactions which push you up to the top could very well result in a bunch of perfectly legit transactions.

Apple needs to tread carefully. There's no way to prove the guy who's selling the app was involved in the fraud. It could be a competitor trying to get him banned.
 

Nord

macrumors member
Apr 28, 2010
80
7
À propos password, there's an easy solution: make a horribly long password of 16-20 "letters" with special characters and numbers and letters together, you'll be safe for many, many years, if not your whole life.
 

chris200x9

macrumors 6502a
Jun 3, 2006
906
0
À propos password, there's an easy solution: make a horribly long password of 16-20 "letters" with special characters and numbers and letters together, you'll be safe for many, many years, if not your whole life.

Sure, if it was a brute force attack, which I do not believe it was. I don't care how long your password is, a trojan can get it just as easily.
 

charlituna

macrumors G3
Jun 11, 2008
9,636
816
Los Angeles, CA
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

I just hope whoever gets targeted in these attacks gets their money back. :(

I suspect it was mostly no one. The lists change constantly and already those titles are mostly gone.

So my guess is that this developer decided to try something cute. Created a bunch of fake accounts using hotmail, gmail etc. maybe a few friends mixed in (a couple of whom could have gotten nervous and decided to try 'hacked' to protect themselves or maybe he promised to repay them and didn't). Use some gift cards bought with cash and no one is any wiser.

It's actually not the first time that someone padded figures and/or reviews, and on a potentially slow weekend it would be rather easy to do, especially on a system that updates very often.
 

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Passwords

They probably had insecure passwords that were real words. This doesn't mean that the Apple computer is vulnerable to viruses (as some of you seem to think).
 

mikethebigo

macrumors 68020
May 25, 2009
2,280
1,127
This is only big news (like other big news stories about Apple recently) because Apple parades around and keeps talking about how much better they are than everyone else. Truth is, any major online retailer has to deal with hacking, every major phone manufacturer builds phones with defects, etc.

Don't complain when you over-inflate your image and then people realize you're just a company run by humans like everyone else.
 

Jazerai

macrumors newbie
Aug 16, 2008
15
0
i was one of the people that posted a link to the article. i haven't gone back and re-read it but i don't remember there being anything in the article that could be taken as an attack on apple. just a news story about what happened.

i understand that apple and the iphone 4 have been taking a beating recently but seriously... people are losing money. a pretty good amount of it in some cases. do people here really think that saying it's only happened to a few hundred people means it isn't worth reporting?

https://forums.macrumors.com/threads/407990/
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
AKA mor0s falls for phishing scams, blame Apple for their lack of common sense.


This is only big news (like other big news stories about Apple recently) because Apple parades around and keeps talking about how much better they are than everyone else. Truth is, any major online retailer has to deal with hacking, every major phone manufacturer builds phones with defects, etc.

Don't complain when you over-inflate your image and then people realize you're just a company run by humans like everyone else.

Some people are pretty clueless about the difference between an account being hacked and user stupidity.
 

Nord

macrumors member
Apr 28, 2010
80
7
Sure, if it was a brute force attack, which I do not believe it was. I don't care how long your password is, a trojan can get it just as easily.
I doubt that, why would websites recommend long passwords if they're just as inefficient as shorter ones as you claim? In that case, who cares about long passwords?
That simply isn't true. I'm no expert of course, but I know that with 20 characters, there are quadrillions of combinations (I don't make the maths, I'll let you do it if it bothers you), making it impossible to crack, even for a machine and a lifetime isn't enough to crack it, and even if it was, finding another way to enter would take less time than finding it.

Length is much more secure than "complexity" (adding $ and other &, %) onto a short password, it's good, but not enough and won't be as efficient as using normal alphabet, random at best, with a 20+ long password.
 

mauree

macrumors newbie
Jun 16, 2010
28
0
I doubt that, why would websites recommend long passwords if they're just as inefficient as shorter ones as you claim? In that case, who cares about long passwords?
That simply isn't true. I'm no expert of course, but I know that with 20 characters, there are quadrillions of combinations (I don't make the maths, I'll let you do it if it bothers you), making it impossible to crack, even for a machine and a lifetime isn't enough to crack it, and even if it was, finding another way to enter would take less time than finding it.

Length is much more secure than "complexity" (adding $ and other &, %) onto a short password, it's good, but not enough and won't be as efficient as using normal alphabet with a 20+ long password. One letter adds many, many more possibilities.

Nord, what he meant is that malware could, for example, detect your password as you type it, find it on your hard drive, etc. In that case it doesn't matter how many letters long it is, because it wouldn't try to guess it by brute force.
 